Bethesda Health Group Gains Security

Visibility and Strengthens HIPAA Compliance

with the AWN CyberSOC™ Service

CASE STUDY

BUSINESS

Bethesda Health Group (https://www.bethesdahealth.org/) provides exceptional senior living, care and services through its retirement communities, skilled nursing home communities, and home- and community-based services in the St. Louis area.

CHALLENGES
  • Limited security expertise to support geographically- dispersed locations
  • Lack of comprehensive cybersecurity visibility
  • Compliance with HIPAA HITECH healthcare mandates
RESULTS
  • Comprehensive visibility across all locations and resources
  • Flexibility to adapt to changing environments
  • Reporting to help achieve compliance

“Arctic Wolf’s turnkey SOC-as-a-service provides us with advanced threat detection and response capabilities at a fraction of what it would cost to do it ourselves. AWN CyberSOC’s Concierge Security™ model works perfectly for our IT team, which previously had no dedicated security resources.

Joshua Sharp, Director of Information Technology, Bethesda Health Group

Protecting Residents’ Personal and Health Information

Bethesda Health Group (BethesdaHealth.org) is the premier provider of senior care and services in St. Louis. It operates 14 independent living, assisted living, and skilled nursing and memory communities in the St. Louis area. While it seeks to maintain an optimal security posture to minimize risk to sensitive data of both the organization and its residents, Bethesda is also required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and must ensure that appropriate processes are in place to maintain compliance.

With more than 1000 employees, Bethesda’s IT infrastructure includes more than 700 workstations and laptops, 100+ servers, 100+ routers and switches, and 1500+ Active Directory (AD) accounts for users located in all 14 physical locations. Overseeing the network and the organization’s many SaaS applications provided quite a security challenge for the company’s small IT team, as it didn’t have a dedicated security engineer on staff. Instead, that responsibility was spread among several staff members who had no formal security training, nor did they have the necessary tools in place to allow them to efficiently monitor the environment and take timely action on the security alerts.  This proved to be a very inefficient and labor-intensive process.  The volume of alerts in an organization of Bethesda’s size can be overwhelming, so identifying all the incidents that required immediate action was a daunting task for this team.  Management recognized they needed to identify a solution quickly.

Protecting sensitive patient data required for HIPAA compliance was also a key challenge for Bethesda. The organization needed reporting to demonstrate compliance with HIPAA HITECH mandates for electronic protected healthcare information. Bethesda considered different options for monitoring and responding to security events. Rather than building their own security operations center (SOC) on premises, however, the Bethesda IT team selected Arctic Wolf’s AWN CyberSOC™ service.

Deployment was simple, straightforward and completed in minutes. The Arctic Wolf sensor arrived preconfigured and was ready to plug into the network to collect logs and network flow data. Bethesda’s IT team worked with Arctic Wolf’s Concierge Security™ team to customize the service to its exact operational and security requirements.

Outstanding Results Across the Board

Bethesda saw some immediate benefits from the service. The IT team quickly discovered:

  • Users were visiting a known malicious site
  • Endpoints sending out traffic that appeared abnormal
  • A phishing attack that compromised corporate Dropbox credentials

Prior to AWN CyberSOC’s deployment, the team couldn’t investigate these potential indicators of compromise. Each of these threats was detected and researched by the Concierge Security team, which presented Bethesda’s IT team with a clear action plan on how to reduce or eliminate the risk.

Today, the AWN CyberSOC™ service provides the highest level of security, identifying potential threats while avoiding the noise of false positive alerts.

Just as important, Arctic Wolf helped Bethesda reach its HIPAA compliance goals by adapting to Bethesda’s changing environment. Generating reports for senior management and compliance was simplified using AWN CyberSOC ‘s standard and custom reporting. Weekly external assessments on the public-facing infrastructure provide Bethesda with vulnerabilities that need to be addressed. And regularly scheduled security posture reports provide senior management the confidence that the organization always has vigilant cybersecurity.

Arctic Wolf has delivered Bethesda advanced security at far less cost than if it had built a security operations center in-house. Around-the-clock SOC staffing would require eight to 12 security engineers alone. In fact, the cost of the service is estimated to be a small fraction of the cost of deploying and managing a SOC internally.

Talk to an Expert

Have questions or want to find out more about how AWN CyberSOC
will improve your workflow and security infrastructure?