To protect patient data across its fast-growing organization, MyEyeDr. wanted greater visibility into who was accessing what resources and the ability to more quickly correlate and analyze log data.
To help protect patient data across its fast-growing organization, MyEyeDr. deployed an integrated security framework that delivers greater insight, intelligence and control across its environment. Today, MyEyeDr. IT staff can more effectively govern data access, manage mobile devices, and uncover anomalies that may signal a security threat.
Increasedvisibility into advanced threats by using sophisticated analytics to uncover anomalies
Uncoversthreats more quickly by reducing analysis of data from weeks to near-real time
Acceleratescompliance reporting for HIPAA and PCI through out-of-the-box reports
Business challenge story
Effectively protecting patient data amid rapid growth
Since its founding in 2001, MyEyeDr. has grown rapidly through acquisition. In 2016 alone, the company is adding another 200 offices to serve patients. With this growth, one of the challenges IT staff faced was effectively managing and monitoring access to patient information.
“When we were a smaller company, we had a number of processes in place to root out unauthorized access,” says James Davenport, IT director, MyEyeDr. “However, as we’ve grown into a larger enterprise, those manual processes couldn’t provide the visibility we needed and it would take us weeks to go through and analyze the data.”
Strengthening security with advanced analytics and an integrated framework
Davenport met with IBM Business Partner SPS to review the company’s security needs.
“We explained our pain points and SPS took the time to understand our business and what we wanted to achieve,” says Davenport. “We looked at a number of products, and we found that IBM Security solutions provided us with the flexibility and integrations that we absolutely needed.”
He adds, “The key thing is to identify the threat and remediate it before data can be stolen. IBM Security solutions give us visibility when a threat is actually happening, so we’re able to respond quickly and resolve the issue before data theft can occur.”
SPS provided implementation and configuration services to help Davenport’s team gain faster time-to-value. The solution spans data security and protection, password management, mobile device management, and security intelligence and analytics, and includes the following:
IBM® Security Guardium® solution, which continuously monitors and audits access to databases, provides daily reports and alerts, and helps prevent privileged users from performing unauthorized actions. “The Guardium solution enables us to monitor database access and report back to a central location so that we can confirm that no inappropriate access to the data is being made,” says Davenport.
IBM MaaS360® platform, which helps IT staff manage employee mobile devices. “We allow users to use their own smartphones and tablets, but need to retain control of the intellectual property that belongs to MyEyeDr.,” says Davenport. “With the MaaS360 platform, we can require security settings on the device, remotely wipe the device if it’s lost or stolen, and remove corporate data or intellectual property from the device when the employee leaves.”
IBM Security Privileged Identity Manager, which helps Davenport’s team manage credentials for 54 insurance sites and across all its offices. “One HIPAA [The Health Insurance Portability and Accountability Act] concern is employee access of patient data outside the office,” says Davenport. “With Privileged Identity Manager we’re able to monitor and track use of administrator credentials to help thwart insider threats.”
IBM QRadar® SIEM, which consolidates log events, network flow data, and security information, and then uses advanced sense analytics to detect anomalies, uncover advanced threats and remove false positives. “We can roll all the data from our network and the IBM security solutions up into QRadar so we have a complete dashboard of what’s going on within the organization,” says Davenport.
Rapidly detecting and remediating potential threats
Working with IBM and SPS, MyEyeDr. gained the visibility it needed to protect patient information and stay ahead of threats. An integrated security framework and advanced analytics help MyEyeDr. IT staff quickly uncover anomalies that previously could be overlooked.
“Before, it would take us weeks to go through and analyze the data,” says Davenport. “Now, we get reports in real time so we can respond very quickly. I can see who’s accessing what, when, how and how long, and what they’re doing with the data—information that I didn’t have before.”
Compliance reporting is also much faster and easier.
“We are subject to not only HIPAA regulations but also PCI [Payment Card Industry] regulations and have to recertify every year,” says Davenport. “The IBM Security solutions make it very easy to deliver reports to auditors as the reports we need are built right into the applications.”
Ultimately, for Davenport, creating a strong security posture is necessary to maintain patient trust. “Patients trust that we will take care of their personal information and IBM Security solutions help us to keep the trust of our patients, which makes our practice grow,“ he says.
MyEyeDr. is one of the fastest growing optometry companies in the United States, serving approximately 1.8 million active patients. The company offers its patients full-service vision care, and a wide selection of prescription eyeglasses, sunglasses and contact lens.
- Guardium File Activity Monitor
- QRadar SIEM