Would you know if

1
Would you know if

• A trusted employee pasted confidential patient
  information into a webmail message and sent it an
  insurance company?
• An employee downloaded hacker tools to their work
  computer with the intention of stealing your
  patients private data?
• An employee posted your confidential executive
  communications or financial data on
  www.internalmemos.com or some other internet
  posting site like Yahoo Finance?
• An employee is using a P2P client and is
  inadvertently exposing your proprietary
  information to millions of other P2P users?

2
Leadership Validation
Vericept's Information Protection Solution
focuses on inappropriate content and prevents it
from being communicated through the vast array of
Internet communication vehicles available to most
employees. The significant risks associated with
webmail, IM and P2P applications, combined with
the mounting pressure to secure the privacy of
patient information, can make Vericepts solution
a robust fit for Healthcare organizations.
- Brian Burke
3
Sample Healthcare Customers Who Trust Vericept
4
Customer Feedback
Vericepts Health Information Protection behaves
much like a linguistic firewall, identifying
unauthorized communication of PHI. It is helpful
to be able to alert our staff to actions that
could be deemed in violation of the new privacy
rules and our Appropriate Use Policy. Our
patients deserve the best care we can provide,
including respect for their privacy. - Dave
McClain Information Systems Security
Manager Community Health Network
Vericept has consistently met my expectations
and in many cases exceeded them. The install was
effortless and generally just sites there and
does its job. I would highly recommend it to
anyone who has a need for protecting both network
assets and confidential information. -Jason
HerrenNetwork Security Administrator Source
Medical
5
Customer Feedback
Vericept further strengthens our extensive,
existing privacy protection controls, helping us
proactively monitor both external and internal
communications that could potentially impact the
security and confidentiality of customer
information. -Patrick Enyart Manager for
Information Security Operations SunTrust

• This resource is an invaluable tool to address
  the insider threat in this nations nuclear
  weapons complex. Protecting our nations nuclear
  secrets has just become easier.
• Warren UdyCyber Security Program Manager
  National Nuclear Security Administration -
  Department of Energy

6
Case Brief 3 Healthcare Productivity

• Situation
• The public health department of a major US city
  is under intense pressure to cut costs.
  Organization executives have zeroed in on
  employee productivity as one area to examine for
  potential cost savings
• The challenge posed to the departments IT staff
  was to develop a way to monitor employee
  activities, gather statistics and actual examples
  of individual work effort, and then analyze the
  results with an eye toward reductions in manpower
  levels and corresponding budget savings, while
  maintaining quality of services

• What They Did
• The departments IT staff was already using
  Vericept Solutions to track and monitor the
  groups network and Internet activity for
  inappropriate release of patient health
  information and sensitive data. They decided to
  set up the Vericept solution to begin tracking
  individual work statistics.
• Goal Identify where the sensitive information
  was leaking out and identify the Who, What ,
  Why, Where and How of the significant risk

7
Case Brief 3 Healthcare Productivity (contd)

• The Results
• In just one years time, the department was able
  to identify and eliminate 24 positions solely
  through the information collected by Vericept
  Solutions
• These were not employees who were fired and
  backfilled, but people who were doing so little
  work that the organization was able to eliminate
  their positions entirely without affecting
  quality of care

• The Return on Investment
• Based on a 40,000 fully loaded salary, this
  represented an 896,000 ROI for the health
  department for one year
• Not only has the department saved taxpayers a
  considerable sum, they now have a better
  understanding of individual employees
  contributions to the departments productivity
  goals

8
Case Brief 7 PHI Detection

• Situation
• A community hospital in the Midwest had two
  seemingly unrelated problems they were facing
• This reputable hospital wanted to ensure its hard
  earned, trusted reputation was not subjected to
  unnecessary risk from inadvertent or intentional
  leaking of patient health information. It also
  wanted to ensure it was compliant with the
  Privacy Rules

• What They Did
• The Security Department concluded a monitoring
  and filtering combination solution was the most
  effective strategy to ensure compliance and
  increase productivity
• They decided to implement the Vericept solutions
  to identify all instances of PHI leaving the
  network, block inappropriate web sites and
  monitor for all other activity falling outside of
  the Appropriate Use Policies (AUP)
• Established a Governance Usage Board to review
  all violation of their AUP

9
Case Brief 7 PHI Detection (contd)

• The Results
• The hospital immediately identified a vendor
  system that was sending out unencrypted PHI a
  clear violation of HIPAA
• The hospital notified and worked with the vendor
  to fix the problems
• Bandwidth was dramatically reduced by filtering
  out the inappropriate website traffic

• The Return on Investment
• The hospital has been able to reduce their
  bandwidth costs by significantly reducing their
  unsanctioned usage
• The hospital now has comprehensive visibility to
  their network traffic and a tighter internal
  controls on how sensitive information is handled
• By the customers account, the project has been a
  great success!

10
Case Brief 9 HIPAA Compliance / AUP

• Situation
• The Network Engineer, believed the existing
  security, infrastructure including a firewall and
  url blocker, were effectively enforcing the
  Acceptable Use Policy (AUP) and ensuring
  compliance with HIPAA regulations.
• The Exposure Assessment was performed to verify
  compliance, it yielded unexpected and staggering
  results and demonstrated that the URL blocker and
  firewall were ineffective. The Network Engineer
  needed comprehensive visibility to the problems.

• What They Did
• The hospital installed Vericepts solution to
  proactively monitor all internet communications.
  Specifically, the organization implemented
  Vericept to significantly improve the network
  security strategy by providing overall
  visibility, closing the large gaps left by the
  URL blocker and firewall.

11
Case Brief 9 HIPAA Compliance / AUP (contd)

• The Results
• During the first two weeks, the hospital made a
  concerning discovery. Extensive peer-to-peer
  file sharing activity and the presence of
  peer-to-peer super nodes were draining network
  bandwidth
• Vericept uncovered numerous violations of the
  hospitals AUP including instant messaging and
  substantial content downloading containing
  pornographic content

• The Return on Investment
• Peer-to-peer file sharing drastically reduced the
  speed of the hospitals network. The elimination
  of the top offenders increased network processing
  speed by 30 and saved the hospital 120,000 per
  year in salary costs alone
• These significant changes provided the hospital
  with the equivalent of nine additional employees
  each year. At an average salary of 40,000 per
  year, that is an additional overall savings of
  360,000 annually