Case Study

How Varonis Helped a Regional Healthcare Network Lock Down At-Risk PII and PHI Across Their Hybrid Cloud

DSAR

simplification

>2,500

employees

HIPAA

compliance audits

“If you work within a regional healthcare network, and your organization is poised for growth like we were, you need a way to prove that you have visibility and control over your unstructured data. If you don’t have a solution like Varonis, you open yourself up to a lot of risk.”

Network Admin, IT Department, Regional Healthcare Network

Challenge

As a business operating within the healthcare industry, keeping track of sensitive data
was especially important. It was their responsibility to ensure data privacy for all Personally Identifiable Information (PII) and Protected Health Information (PHI), both of which are protected under HIPAA.

The organization had data spread out across on-premises servers, saved on employees’ computers, archived in email folders, and housed in the cloud. A lack of visibility and control was putting over 2,500 employees at risk and jeopardizing HIPAA compliance.

They purchased Varonis to help identify, protect, retrieve, and discover highly sensitive
data in their network.

“If you work within a regional healthcare network, and your organization is poised for growth like we were, you need a way to prove that you have visibility and control over your unstructured data. If you don’t have a solution like Varonis, you open yourself up to a lot of risk.”

Network Admin, IT Department, Regional Healthcare Network

Solution

  • Visibility and Control for PHI & PII Data: DatAdvantage gives visibility into where data lives, who has permission to access it, and who is actually accessing it. Data Classification Engine automatically scans and classifies their data stores for sensitive information, including PHI, PII, financial records, and other HIPAA-regulated data. Data Transport Engine helps ensure that sensitive data stays secure and that it is properly moved, archived, quarantined, or deleted based on predetermined parameters.
  • Continuous Monitoring and Alerting on Data and Systems: DatAlert provides continuous monitoring and alerting for their on-prem data stores. According to the Network Admin, having a behavior-based threat detection system gives them tremendous peace of mind.
  • Streamlined Compliance and e-Discovery: DatAnswers is an elevated search function that simplifies compliance and e-discovery. It helps the Network Admin fulfill data subject access requests (DSARs) by making it easy to pinpoint files containing PII, PHI, and other HIPAA data.

“To be honest, I don’t know how we would meet regulatory requirements
without Varonis. The tools that Windows gives you natively aren’t
enough—system and application event logs don’t get into the weeds of
who is doing what in your file shares the way Varonis does.”

Network Admin, IT Department, Regional Healthcare Network

Customer Profile

  • Industry: Healthcare
  • Location: U.S.

Read more

Get the full case study and see how this healthcare network uses Varonis to protect sensitive data.

Download PDF

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.