Case Study

How Varonis Helped a Large Regional Healthcare System Lock Down Over 500,000 HIPAA Hits

11 TB

of overexposed data

>500,000

exposed HIPAA hits

1,500

end users

“Automation Engine has, in magnitudes of a hundred times or more, simplified how fast we can get through folder clean-up and remediation. It’s hard to quantify exactly how much time it has saved us because, in a matter of months, it completed remediation tasks that would take us over three years to do manually.”

Engineer, Security, Regional Healthcare System

Challenge

A Data Risk Assessment revealed over 11 TB of overexposed data—318,357 folders, 504,162 HIPAA hits, and 16,292 Social Security Numbers were open to everyone.

Their need for data security was urgent—more urgent than they could keep up with. By
their prediction, it would take their small security team over 3 years to fix manually.

“Seeing those numbers was gut-wrenching. We knew some areas were in bad shape, but I had a few sleepless nights after I saw exactly how bad it was.”

Engineer, Security, Regional Healthcare System

Solution

  • Rein in out of control Global Group Access: Automation Engine automatically finds and fixes folders with Global Group Access. It performs dependency checks, gives you a preview of results before running the job, and allows you to quickly roll back if a mistake is made.
  • Permissions remediation: Manual remediation is time-consuming and vulnerable to human error. Broken ACLs and other mistakes often creep into shared drives as a result. According to the customer, "I don’t think we could have finished fixing permissions without Automation Engine. It would have taken years.”
  • Continuous monitoring and alerting on data and systems: DatAlert helped them stop a potential security threat that started when an administrative user opened a phishing email. DatAlert flagged the volume of emails as suspicious, and the Varonis Incident Response team helped investigate the issue.

“Automation Engine is helping us go through years’ worth of data and
limit access to the users who need it. It’s moving all of our folders away
from Global Group Access.”

Engineer, Security, Regional Healthcare System

Read more

Get the full case study and read how this healthcare provider uses Varonis to protect sensitive data and maintain least privilege.

Download PDF

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.