The Baruch Padeh Medical Center in the Northern District of Israel provides a wide range of high-quality healthcare services to people all over the country. Today, the center has over 1,500 employees and over 40 contractors.
Baruch Padeh collects lots of medical and personal records of their patients and needs to protect this data. Since all vendors have access to the center’s computer network, the customer was looking for a way to control and secure this access.
- Improve the IT management of third-party access
- Reduce the risk of third-party insider threats
- Mitigate data security risks by responding to suspicious activity
- Ensure the security of sensitive data
As the organization’s activity increased, so did the number of vendors
that needed to connect to the network, and managing the allocation of
users and passwords became more complicated and time-consuming than
managing the computer system. In addition, we had no ability to monitor
what each provider was doing on the network and make sure they weren’t
connecting to servers they were not authorized to connect to or performing
operations they weren’t authorized to perform. The inability to monitor and
document these actions reduced the level of information security and
increased the risk of data breach incidents.
Our customer had very limited capabilities for third-party activity monitoring and access management. When a vendor needed to connect to the organization’s network, they requested credentials from the center’s IT administrators, who had to manually create and manage these credentials. After that, the administrators had no visibility into the vendor’s actions with sensitive resources.
The need to manually provide credentials to more than 40 vendors created a huge overhead for the medical center’s IT department. Also, limited visibility into contractor actions threatened the security of patients’ medical records and left the medical center with zero capabilities to detect and respond to a security incident.
That’s why the medical center was looking for vendor risk management software to automate and enhance their data protection capabilities.
Deploying Ekran System helped the customer achieve the following results:
- Centralized and quick configuration of access permissions
- Automated and convenient management of access rights for third-party users
- Ability to review and investigate third-party activity with sensitive data
- Ability to collect evidence of security incidents caused by third-party users
- Possibility to detect and stop harmful activity in real time
- Reduсed chance of security-related risks