Case Study

How the University of Maryland School of Medicine identifies, classifies, and secures sensitive data with Varonis


and PII data




regulation requirements

Before Varonis, we really didn’t have any way of knowing where sensitive data was located or what type of sensitive data we had in our network....What we didn’t realize before implementing Varonis was just how much of that data we actually had stored in random locations.

Scott Stefan, Executive Director of Information Services, University of Maryland School of Medicine


The University of Maryland School of Medicine needed better visibility into the different types of sensitive data that its employees and students were storing across their file systems. Regulatory requirements necessitated that the school’s IT department regularly audit and report on who was accessing sensitive data, when and where, and they had no way of doing so.

With Varonis, we are now easily able to see exactly what kind of data we have, and it has been very eye-opening. In addition to protected health information (PHI) we naturally have sensitive information of other types that everybody else has too, such as social security numbers and credit card information.

Scott Stefan, Executive Director of Information Services, University of Maryland School of Medicine


  • Gain visibility into sensitive data, where it's located, and who has access: The University of Maryland’s School of Medicine’s IT team can now easily see exactly what types of sensitive data they have, where it lives, and who has access to it all from one easy-to-use interface.
  • Receive detailed, fast and crucial insight into sensitive data: Just a few days after implementing Varonis, the team began receiving audit reports that opened their eyes to the location and vulnerability of sensitive data in a way that they could never have accomplished manually.
  • Maintain data security and transparency in the cloud: Varonis DatAdvantage played a crucial role in getting everyone at the school more comfortable with the migration of this data to the cloud, because Varonis’ compatibility with Microsoft Office 365 allows for the same DatAdvantage capabilities, such as reporting on access and being able to classify data in the cloud.

Because of the type of data we store as a medical school, moving to the cloud is scary for a lot of folks. Having a product like Varonis that can give us the same type of reporting on when people access files and where, makes having to move some of our data to Office 365 a lot easier for us to sell to all levels of the organization.

Scott Stefan, Executive Director of Information Services, University of Maryland School of Medicine

Customer Profile

  • Customer: University of Maryland School of Medicine
  • Industries: Education, Research and Healthcare
  • Location: Baltimore, Maryland, U.S.

Varonis Products

See what UMD SOM uses to help protect their sensitive data.

Read more

Read the full case study and see how UMD SOM uses Varonis to receive crucial insight into sensitive data - protecting PHI and PII from data breaches, meeting regulatory compliance, and preparing data to move to the cloud.

Download PDF

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.