The problem
For this healthcare technology company, the protection of personal health information (PHI) was an ongoing commitment, and a legal mandate. The Health Information Privacy and Portability Act (HIPPA) required them to guard against data security problems. An expert recommended the company put a web application firewall (WAF) in place to ensure they were securing patient data, in compliance with the law. But within one week after launch, droves of physicians began calling to complain that the vital forms they were submitting to the system were being blocked– an event referred to as a “false positive.”
Despite months of attempted repairs, the false positives continued to mount, slowing medical information exchange to a crawl or forcing users to find other ways around the system—an approach that opened up additional risks.
The company soon realized they needed a new level of expertise. They met with a range of vendors, and received a range of proposals that were either unworkable, or not in compliance with HIPPA. After a discussion with RedShield, they were on the road to recovery.
The solution
During the proof-of-concept phase, the RedShield team determined that the forms actually weren’t susceptible to the type of attacks that previous experts had been working to protect against, and the WAF was blocking the information in the form, rather than the form itself.
RedShield recommended implementing a shield to mask the sensitive data as it traveled through the security information and event (SIEM) software. This method would move information from the RedShield node to the RedShield SIEM, keeping the sensitive data protected in compliance with the law, while preventing the system from rejecting it.
The results
After a two-week trial, RedShield was able to show zero false positives and a clean penetration test result. That impressive outcome, combined with RedShield’s significant cost effectiveness, drove the healthcare company’s decision to move ahead with RedShield. Even better, within days of starting the pilot, RedShield’s reporting showed in real-time that an attack targeting a weakness in the application was underway. RedShield immediately introduced emergency shielding to shut down the assault. The pilot continued for a full month with no false positive activity.
Today, RedShield continues to stand guard:
- Maintaining appropriate controls
- Maintaining full HIPPA compliance
“Being forced to upgrade the whole platform would have caused huge disruption, cost, and delays, but appeared to be our only option. With RedShield, we were able to address just those discovered issues, and keep the project on track.”
—Healthcare IT Company Executive
