When it comes to industries at risk from cyber attacks, the healthcare sector is rapidly rising to the top of the adversaries’ most wanted list. With the street value of personal healthcare information (PHI) at an all-time high, healthcare companies need to be more diligent than ever about protecting their data and systems. Despite the high threat of breach and even higher consequences resulting from intrusions, the reality remains that the healthcare industry has historically been slower to respond to threats than other industries, as well as slower to adopt new technologies. Concerned with the evolving threat landscape and motivated by duty to protect patients’ data assets, Cardinal Innovations Healthcare Solutions understood that they needed to partner with an industry-leader at the forefront of the cybersecurity sector to best defend their systems and data against sophisticated attackers—both today and into the future as the threat landscape continues to evolve.
CARDINAL INNOVATIONS EXISTING SECURITY POSTURE:
BLIND SPOTS AND LACK OF SPEED
Chad Currier, Cardinal Innovation’s IT Infrastructure Director, is tasked with monitoring and protecting endpoints organization-wide. He was painfully aware that with so many endpoints to monitor, visibility was an issue. “We knew we had little to no visibility on our endpoints, and that our traditional layered defenses were not getting the job done,” said Currier. While the healthcare provider’s security team knew that they needed to improve their security systems, they didn’t realize how poorly they were performing until a proof-of-concept (POC) with CrowdStrike took place. During the POC, CrowdStrike’s next-generation endpoint protection solution was directly deployed onto their systems, providing a real-time 360-degree view of their current security posture. The results were eye-opening, to say the least, emphasizing the need to take a different approach—and do it fast. “With PHI at stake and carrying such a high premium on the open market, reaction time when a breach happens is crucial, and we knew that were not in a position to move quickly in the event of an attempted breach,” shared Currier.
CROWDSTRIKE PROOF-OF-CONCEPT: EYE-OPENER
According to Currier, the proof-of-concept demonstrated in a very dramatic and applicable way exactly where the vulnerabilities lay within their current security posture. The CrowdStrike Falcon Platform not only provided Cardinal Innovations with complete real-time endpoint activity monitoring, but also revealed the deficiencies of their existing network and endpoint security technologies. Using patented detection and prevention methodology, CrowdStrike identified attacks that their current systems completely missed. In addition to the ability to detect and prevent advanced attacks, CrowdStrike’s endpoint protection solution was easily deployed and quickly up-and-running by virtue of its 100 percent cloud-based architecture. “Within minutes of deployment, CrowdStrike produced results and allowed us to experience first-hand the way they interact with and support clients,” said Pete Murphy, Cardinal Innovations CIO. Currier and Murphy were also impressed with CrowdStrike’s support and its ability to immediately integrate with and augment their existing in-house security team. CrowdStrike’s 24/7/365 Security Operations Center provided Cardinal Innovations with around-the-clock insight, intelligence, and powerful adversary hunting , ensuring that business assets were safe at all times – something that is crucial in the healthcare industry where every second in identifying and stopping breaches is vital.
From Proof-of-Concept to Results
Cardinal Innovations implemented CrowdStrike’s endpoint protection solution and within months they have already reaped benefits from the endpoint visibility provided – allowing the detection and prevention of multiple attacks in record time. “Instead of the days, weeks or months it would have taken us to detect an issue, we are now responding within minutes,” noted Currier. In two recent phishing attacks, CrowdStrike alerted Cardinal Innovations to the attack and allowed them to remove malicious emails from their mail server – a reaction time that went from days to minutes. This type of reaction and response saved Cardinal Innovations from multiple infections and made cleanup significantly easier. The CrowdStrike Platform provided details into who opened the attachment, as well as the capability to reconstruct the events of the attack.
CROWDSTRIKE HELPS HEALTHCARE ORGANIZATIONS PROTECT
THEMSELVES AND THE PATIENTS THEY SERVE
Healthcare organizations have a duty to protect assets and PHI, while adversaries continue to develop new methods that traditional tools are unable to prevent or detect. Monitoring information assets using the CrowdStrike Falcon Platform helps Cardinal Innovations better understand the adversary tactics, ultimately providing better protection for the vast store of PHI inside their organization. “To healthcare organizations who have yet to implement next-generation endpoint protection measures like those offered by CrowdStrike,” Murphy emphasizes, “I hope you follow our lead, because you can’t defend against what you can’t see or combat an adversary that is unknown.”
Cardinal Innovations Healthcare Solutions is a managed care organization currently covering 2.4 million individuals in North Carolina. Cardinal Innovations provide access to high quality services through a comprehensive network of more than 1,100 of the best providers across the state. They are currently North Carolina’s largest Medicaid managed care plan with over 350,000 enrollees in 16 counties.
Mission, Vision and Core V alues: Cardinal Innovations creates and manages quality solutions for people who depend on the public system for care. Their vision is a community where each person is welcomed, respected and valued. Cardinal Innovations core values support this mission and vision through four key components: Accountability, Integrity, Excellence and Partnership.
The healthcare industry is a key target for adversaries, with the street value of personal healthcare information (PHI) at an all-time high. Unlike financial institutions and other sectors, the data healthcare institutions are charged with protecting goes well beyond just names, addresses and credit card information—health information, social security numbers and myriad other sensitive information are all desirable targets to adversaries. With numerous endpoints to monitor and secure, Cardinal Innovations had little to no visibility across their systems, and recognized that their traditional layered defenses were not adequately protecting their corporate assets.
Cardinal Innovations needed to find a comprehensive solution that not only provided visibility across all endpoints and next-generation protection against adversaries, but also a partner they could rely on to provide 24/7/365 monitoring and support—something Cardinal Innovations knew they themselves were unable to provide.
CrowdStrike offers the only true SaaS endpoint security solution, providing next-generation endpoint protection, intelligence, and services focused on preventing damage from targeted attacks. The 24/7/365 Security Operations Center removes the burden from organizations struggling to maintain real-time monitoring, prevention, and immediate to intrusions.
WHY CARDINAL INNOVATIONS HEALTHCARE
SOLUTIONS CHOSE CROWDSTRIKE
CrowdStrike next-generation endpoint protection platform provides Cardinal Innovations with complete visibilily into all activity at the endpoint level and enables them to know exactly what’s getting through their existing layered defenses. CrowdStrike Falcon detects, prevents, and responds to attacks, at any stage – even malware-free intrusions. CrowdStrike’s highly scalable subscription-based business model allows Cardinal Innovations to use CrowdStrike as a Service to multiply their security team’s effectiveness and expertise with 24/7 endpoint visibility, monitoring, and response.