Protecting Residents’ Personal and Health Information
Bethesda Health Group (BethesdaHealth.org) is the premier provider of senior care and services in St. Louis. It operates 14 independent living, assisted living, and skilled nursing and memory communities in the St. Louis area. While it seeks to maintain an optimal security posture to minimize risk to sensitive data of both the organization and its residents, Bethesda is also required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and must ensure that appropriate processes are in place to maintain compliance.
With more than 1000 employees, Bethesda’s IT infrastructure includes more than 700 workstations and laptops, 100+ servers, 100+ routers and switches, and 1500+ Active Directory (AD) accounts for users located in all 14 physical locations. Overseeing the network and the organization’s many SaaS applications provided quite a security challenge for the company’s small IT team, as it didn’t have a dedicated security engineer on staff. Instead, that responsibility was spread among several staff members who had no formal security training, nor did they have the necessary tools in place to allow them to efficiently monitor the environment and take timely action on the security alerts. This proved to be a very inefficient and labor-intensive process. The volume of alerts in an organization of Bethesda’s size can be overwhelming, so identifying all the incidents that required immediate action was a daunting task for this team. Management recognized they needed to identify a solution quickly.
Protecting sensitive patient data required for HIPAA compliance was also a key challenge for Bethesda. The organization needed reporting to demonstrate compliance with HIPAA HITECH mandates for electronic protected healthcare information. Bethesda considered different options for monitoring and responding to security events. Rather than building their own security operations center (SOC) on premises, however, the Bethesda IT team selected Arctic Wolf’s AWN CyberSOC™ service.
Deployment was simple, straightforward and completed in minutes. The Arctic Wolf sensor arrived preconfigured and was ready to plug into the network to collect logs and network flow data. Bethesda’s IT team worked with Arctic Wolf’s Concierge Security™ team to customize the service to its exact operational and security requirements.