New security tech enables 75% cost avoidance for Oregon radiologists

Central Oregon Radiology Associates, Cascade Medical Imaging and Central Oregon Magnetic Resonance Imaging collectively exist to provide the full scope of quality diagnostic imaging services to the Central and Eastern Oregon communities.

They support more than 8,000 referring physicians across more than 50 locations and perform more than 400,000 studies a year, serving as the PACS platform for all the services, providers and locations.

THE PROBLEM

When Richard Stepanek joined CORA in January 2020 as CIO, his charge was to add focus to the security posture of the organization and ensure it was well positioned to support its PACS customers, radiologists and, of course, patients. And to do it as economically as possible – not a surprise to a healthcare CIO.

“This meant we needed to focus on security, business continuity, disaster recovery and keeping the lights on,” he explained. “With this wide-ranging imaging network and limited CORA staff to manage and monitor the exchange of images along with the related patient information, we needed better insight into all facets of what was happening.”

With all of the cyberattacks targeting healthcare, security was a primary driver at CORA.

“We knew we couldn’t hire enough staff to fill out a security team, so we needed the right tools and services to add robustness to our stack,” Stepanek said. “When you’re sitting on top of more than half a million patient records and millions of sensitive images, you have to make sure you’re taking all the steps necessary to protect them.

“Security needs to thread through everything we consider for our organization,” he continued. “We needed a tool to extend the capabilities of the team, but also filter out noise so they could focus on what really matters to protect our critical data.”

PROPOSAL

To meet these needs, CORA turned to ExtraHop, a security company focusing on cloud-native network detection and response.

“We needed to improve our coverage to 24/7 and add the insight of an SIEM,” said Stepanek. “I started with the notion of outsourcing the whole thing to an MSSP. The price tags were shocking, truly an outsized spend for our operation. 

“We quickly realized in the first couple of proposals that the costs were well beyond what we could bear,” he added. “Plan B was to build out a hybrid approach where we equipped my team with the right tools and hired someone to provide that after-hours perimeter coverage.”

Stepanek had prior experience with ExtraHop’s network detection and response (NDR) solution and reached out to his former account executive. Once he was connected with the vendor team for his part of the country, they quickly got to building out a proof of concept.

“It was only a matter of a couple of weeks and we had an operational platform in our data centers,” he recalled. “The learning curve is much longer, but the system was finding opportunities for us almost right out of the box.

“One of my favorite things about the vendor is how it is willing to back its product, and you get to try before you buy,” he added. “Try that with many of the other SIEM vendors. We were able to see in very short order the potential of ExtraHop. We also opted for the DICOM module given our line of business and quickly found utility with that functionality.”

Stepanek said the vendor team came in and understood this, helping him break down silos and solve the challenges his team was facing.

“My team was fascinated with the newfound capability to see our network like we never had before, including the medical Internet of Things, DICOM-specific traffic and all the other hidden gems you find when you can see into the traffic across your networks: Where the data is going, where it is coming from, who is moving it, and is it safe?” he noted.

“I can’t argue with ExtraHop’s statement, ‘The network doesn’t lie,’” he continued. “Deploying ExtraHop Reveal(x) sensor virtual appliances allows us to passively, out of band, acquire insight into virtually all of our network traffic. Performance hasn’t been an issue even with the terabytes of data we move daily.”

The machine learning built into the application enables the CIO’s team to focus on the threats and issues in a top-down approach by severity.

“My one security specialist can view the alerts that need attention and quickly track the threat or activity across the network by connecting users, devices and actions,” he said. “I routinely log into the platform and look at the dashboards to see what is happening.

“We also have the ability to perform a look-back up to 90 days and see what the NDR might have seen,” he added. “If something new comes along, and we want to make sure we are not vulnerable, due to critical CVEs, exploits and zero days, we now can take appropriate action or feel confident in our posture.”

MEETING THE CHALLENGE

Members of Stepanek’s small IT team are the main users of the ExtraHop technology. CORA also has a managed services security provider that monitors the periphery of the network and sees some external pieces and agent-based feeds. ExtraHop gives the CIO’s team the ability to see into all the activity and to collaborate around a single source of truth.

“Two use-cases spring to mind when I think about the value it provides,” Stepanek said. “First, ExtraHop quickly gave us visibility into our third-party application use. We had just started a migration to Microsoft Office 365. Some people fall into bad or old habits, and we could easily see who was using outdated, personal or inappropriate software that often can be a regulatory violation in healthcare.

“Second, it provides a surgical tool for forensics and response – while also helping me underline the value of this for a healthcare organization. If you don’t know the root cause, how do you understand what happened so you can make sure it stops happening? How do you address the impact on your organization? Moving forward, what do you put in place to make sure it doesn’t happen again?”

The CIO needs good information to see where those points occurred to create an action plan. The more granular that data is, the better solutions and options one has to fix things moving forward, he said.

“You can be surgical about fixing versus taking a big hammer to the problem,” he said. “I don’t have unlimited people and time to throw at a problem, so we need to be efficient about our problem resolution.”

RESULTS

CORA had a collection of different tools for monitoring. After implementing the new technology, it immediately was able to consolidate and cut other monitoring tool costs by 75%. Not a net savings, but a huge cost avoidance for an organization that was not accustomed to spending a lot of money on information security.

“I also believe that we have a much better sense of accountability with this model than we would relying on someone else that doesn’t have any skin in the game,” he said. “We realized about 30% cost avoidance/savings on security over getting a fully managed SIEM.

“With our hybrid model, we have some top-notch capabilities in place with ExtraHop. When the team is presented with alerts, we quickly can address them with our one security analyst and small infrastructure team.”

ADVICE FOR OTHERS

Stepanek’s advice: Take action.

“Complacency is going to be costly,” he said. “Everyone knows that attacks on healthcare are happening more frequently and becoming more expensive. You can’t read any news feed without being able to find where another organization has been hit by malware or ransomware.

“Since November 1, 2020, there has been an increase of more than 45% in the number of attacks seen against healthcare organizations globally, compared to an average 22% increase in attacks against other industry sectors,” he continued. “It is incumbent upon healthcare organizations to take security seriously and put both proactive, preventative measures in place alongside tools to detect and remediate threats.”

There are affordable tools and approaches that can fit into an organization’s staff mix, resources and environment, he offered. Healthcare organizations must prepare for when an attack happens, not if it will happen, he insisted.

“Knowing where the data is coming from, where it is moving to and what is happening to it along the way is critical for any good security or operations program to be effective,” he advised. “Network detection and response (NDR) technology is passive and is intuitively how we can get at the source of truth for what is happening in our environments.

“Everything has to be connected today, it only makes sense,” he added. “IT teams need the ability to validate, triage and establish root cause in minutes instead of days, and ideally automate responses via trusted orchestration partners.”

When a CIO gets called up to the board and they want to know how something could have happened, when it happened, how it happened, what happened and who was affected, being able to lay out the root cause will create credibility that will carry weight when one has to make recommendations for future prevention and mitigation, he concluded.

Twitter: @SiwickiHealthIT
Email the writer: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.
