Palisade Systems DLP Technology Deployed By Gibson General Hospital To Protect Electronic Medical Records

Main Category: IT / Internet / E-mail
Also Included In: Medical Practice Management;  Compliance
Article Date: 23 Apr 2009 - 4:00 PDT

email to a friend   printer friendly   opinions  

Palisade Systems, a leading provider of data loss prevention products and services, announced today the addition of a new healthcare customer, Gibson General Hospital, that is using its data loss prevention technology, PacketSure, to protect its patients' records. Gibson General Hospital represents a growing list of Palisade healthcare customers that are deploying its data loss prevention technology in order to ensure that they comply with HIPAA compliance policies that deal specifically with the security and privacy of patients' electronic medical records (EMR).

Gibson General Hospital, located in Princeton, Indiana, serves a large rural area in southwest Indiana with advanced medical services, including emergency care, rehabilitation, diabetes care, radiology, sleep diagnostics, orthopedics, home health care, and more. The hospital employs six full-time physicians and approximately 350 other full and part-time support staff. A few months ago, Director of Information Services, Steve Rausch, began researching data loss prevention solutions since the hospital didn't have one in place - a potential security problem. Rausch wanted to ensure HIPAA compliance by making sure that patients' personal health information was not leaving their network without proper authorization. Another major area of concern was the Internet - Rausch needed a way to monitor usage to ensure that employees were not accessing unsecure sites and were not taking up bandwidth needed by staff to perform necessary job functions.

STOPPING OVERSEAS HACKERS WITH PALISADE'S PACKETSURE

Rausch began testing several vendors' DLP solutions on Gibson General's network, and installed PacketSure to monitor the data being sent outside the network. Following the installation, Rausch discovered a notification indicating that an ICQ message (a form of online instant messaging) had been sent by the hospital's email server system to an outside IP address. Since Gibson General's IT staff doesn't use ICQ, Rausch and his IT support staff immediately began running reports from PacketSure and researched the destination IP address. They found that the IP address belonged to a company based out of India. Additionally, they discovered that the email server was frequenting websites from Russia that utilized ICQ Messaging, and the PacketSure reports showed that a huge amount of data in small packets was being pumped out of the hospital's server and sent to servers all over the world, indicating that the hackers were trying to use Gibson General's network as an email relay station to disseminate spam emails.

The hackers had already created two "users" on the network's email server - a potential data breach and HIPAA violation nightmare. Because of the early detection thanks to Palisade Systems' PacketSure, Rausch and his staff turned on the appliance's blocking feature, which immediately stopped the transmission of data outside the network, thus preventing the leaking of their patients' sensitive data.

"If PacketSure hadn't been installed on our network monitoring our outbound communications at the time of the hack, our customers' most sensitive data - their personal medical records - could have been compromised. It turned a potential serious issue into a non-event," said Steve Rausch. "PacketSure's great performance in detecting and remedying the hack, as well as additional features, such as the data-at-rest module we're preparing to deploy, make it a perfect fit for a healthcare organization."

"Gibson General's experiences are a great example of how PacketSure is the industry's most highly customizable DLP solution that's ideally suited to the diverse needs of the SMB market," said Christian Renaud, CEO of Palisade Systems. "With PacketSure, Gibson General can be assured that it stays HIPAA compliant and has the highest level of protection to keep both their patients' sensitive data and their own network from being compromised."

About Palisade Systems, Inc.

Palisade Systems, Inc., is the leading pioneer of enterprise content security and data loss prevention (DLP) solutions, with over 800 domestic and global customers. Palisade's patented DLP product, PacketSure, is the industry's only all-in-one appliance that can be installed and running in less than one hour; a cost savings to customers of hundreds of thousands of dollars. PacketSure helps organizations proactively secure intellectual property and private client information from leaking outside the network, define and enforce access to internal network resources, and enforce compliance with federal privacy and industry security regulations. Palisade Systems customers include prominent clients in healthcare, financial services, insurance industries, along with universities and school districts.

Source: Palisade Systems, Inc

• Additional
• References
• Citations