
At MedAvant, Security Helps Pay the Bills

Healthcare billing and payment processing company implements PortAuthority software to stop unauthorized traffic

Some companies in the healthcare industry worry that employees will accidentally or intentionally expose sensitive medical information. MedAvant Healthcare Solutions is doing something about it.

MedAvant, one of the largest providers of healthcare technology and transaction services, offers transaction processing, cost-containment, and business process outsourcing services. Through Phoenix, a proprietary IT platform that supports both real-time and batch processing, MedAvant provides direct connectivity among more than 450,000 providers, 30,000 pharmacies, 500 clinical laboratories, and more than 100,000 payer organizations.

Because it handles financial transactions as well as sensitive insurance claims and other medical data, MedAvant has a double helping of security requirements. One of the company's biggest concerns is that MedAvant employees will inadvertently or intentionally send unencrypted, sensitive information to people who should not receive it, a violation of federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA).

To address this concern, MedAvant recently began using PortAuthority Technologies' PortAuthority 4.0, a Windows Server-based application that can monitor and block the transmission of information over a variety of communications channels, including outgoing and internal email, encrypted and unencrypted Web channels, File Transfer Protocol (FTP), instant messaging, and networked printing.

PortAuthority 4.0 has a three-tiered architecture that allows centralized security management as well as hierarchical, role-based administration. Using a technology called PreciseID, the product allows companies to detect and identify content across a wide variety of data sources, including databases and more than 300 file formats, using multiple identification techniques such as keywords, patterns, lexicons, and information fingerprinting.

Using the software, MedAvant can create and update custom policies by user, group, department, location, partner, domain, and other criteria to ensure that all distribution of information over its network is authorized. MedAvant also uses PortAuthority to produce Web-based, customizable reports on policy violations, as well as compliance reports based on pre-defined templates such as "dictionaries" for HIPAA, the Sarbanes-Oxley Act, and other regulations.

MedAvant evaluated PortAuthority for about six months as the company sought a way to keep employees from sending out potentially troublesome data, says Robert Mims, vice president for security and network engineering at MedAvant. "We needed to put in a solution that could let me know who is sending confidential information outbound," he says, whether by email, personal Web mail, FTP, IM, or other means.

Prior to deploying the security software, Mims's team had no way of seeing what employees were sending out over the MedAvant network. They could be releasing intellectual property owned by the company, corporate financial data, internal memos, or other information that could violate HIPAA or SOX. Mims doesn't believe there were any such leaks: "If it was happening, I didn't know about it."

PortAuthority also includes a Linux-based appliance that lets Mims's team monitor all outbound and internal communication protocols for any sensitive information in transit, and then enforce applicable security policies, such as blocking and encrypting data. The appliance is set up to send out alerts anytime someone violates a security policy, he says.

With the increased traffic visibility provided by PortAuthority, Mims can now see whether users are adhering to policies. For example, if someone is sending unencrypted "protected health information" (PHI), a clear violation of HIPAA, Mims will automatically be notified. He can then counsel the user who sent the information to encrypt the data first.

Likewise, if a user sends out an email message with a Social Security number or credit card number, Mims and his team will be alerted about the transgression so he can put a stop to it.

"I didn't have this kind of visibility into the network before; every week I'm learning something new about how I can block [restricted] outbound traffic or get [activity] reports." The software hasn't inhibited employee productivity, he says, since it only blocks content that users shouldn't be sending out in the first place.

— Bob Violino, Contributing Reporter, Dark Reading
