Layered Defense Protects Patients

Introduction

Veradigm is a healthcare IT company that provides electronic health record systems and other solutions to a variety of medical organizations ranging from small physician practices to some of the world's largest insurance and pharmaceutical companies. Serving roughly 10,000 customers in a highly regulated industry, security is critical for Veradigm's success. Much is at stake when it comes to the confidentiality, integrity, and availability of patient information. With Cisco, Veradigm has been able to reduce its incident response time from weeks to just days.

Secure cloud migration

In a highly regulated industry like healthcare, the security of confidential data is crucial—not just for the protection of organizations, but for the delivery of patient care. "In healthcare, data must be available all the time, on demand, with high fidelity, and also available to no one—all at the same time," said Jeremy Maxwell, chief information security officer (CISO) for Veradigm. "Once healthcare information is breached, there's no going back. It's not as simple as just canceling a credit card, for example."

When moving its infrastructure to the cloud several years ago, Veradigm knew it needed security solutions that could properly safeguard its updated infrastructure and sensitive data. The company decided to take a layered approach by using several Cisco Secure technologies.

With Cisco Secure Email Threat Defense, Veradigm gained another level of security for safeguarding its Microsoft 365 environment against phishing and other attacks. Meanwhile, Cisco Secure Network Analytics provides the company with in-depth visibility into network traffic while Cisco Umbrella delivers multiple levels of defense against internet-based threats.

Additionally, Cisco Secure Endpoint offers Veradigm advanced, cloud-delivered endpoint protection. And on the services side, Veradigm works closely with Cisco Talos Incident Response (CTIR) for fast, effective incident response. Talos is one of the most trusted threat intelligence groups in the world.

"There are no silver bullets in security; it's all about a layered defense," said Maxwell. "With Cisco, we are able to interact with all steps in the kill chain. For example, we can inspect suspicious emails with Cisco Secure Email, quarantine malicious files with Cisco Secure Endpoint, stop command-and-control activity with Cisco Umbrella, and use Cisco Secure Network Analytics to see where an attacker is trying to pivot to from an initially compromised workstation. All of these tools work together to prevent a worst-case scenario."

Collaborative incident response

Veradigm engages with Cisco Talos through the group's Incident Response services. "Our in-house incident response team has various specializations, but they don't respond to incidents daily like Talos does," said Maxwell. "We chose to work with Talos due to that in-depth expertise, as well as our familiarity with the Cisco toolset."

Veradigm worked alongside Talos to build its incident response playbook and subsequently collaborated with the Talos team on tabletop exercises to prepare for different cyberattack scenarios. According to Maxwell, this preparation is key in the "fog of war."

"In the midst of an incident, Talos helps keep us on track in executing the playbook," he said. "If you don't have an established relationship with an incident response provider when an attack is active on your network, you've already lost."

Avoiding a worst-case scenario

Maxwell described a specific attack attempt at Veradigm in which an attacker tried to access the company's development environment using spear phishing. When the targeted user clicked on the fraudulent message, the Veradigm security team immediately received alerts from Cisco Secure Endpoint.

Veradigm quickly engaged Talos to help quarantine the attack. By working with in tandem with Talos using tools that included Cisco Secure Endpoint and Cisco Umbrella, Veradigm successfully avoided harm to its organization and customers.

"The opening minutes, hours, and days of an incident are precious, and having the right framework can help tremendously in limiting any potential damage," said Maxwell. "Talos already knows about our company's processes and procedures, which factors out a lot of complexity in the middle of an incident." With Cisco, Veradigm has been able to reduce its incident response time from weeks to just days.

"The availability of medical records is critical, and many healthcare institutions have unfortunately fallen victim to ransomware and other attacks that have taken their systems offline for long periods of time," said Maxwell. "This type of situation has very real consequences when it comes to patient safety."

The future of security with artificial intelligence

According to Maxwell, Veradigm looks forward to collaborating with Cisco and Talos on next-generation security strategies such as artificial intelligence (AI). "Cisco has a vast network of cyber signals, and using that to feed an AI system could be really powerful," he said. "We look forward to growing our relationship with Cisco in the future to leverage this scope."