At MedAvant, Security Helps Pay the Bills

Healthcare billing and payment processing company implements PortAuthority software to stop unauthorized traffic

Some companies in the healthcare industry worry that employees will accidentally or intentionally expose sensitive medical information. MedAvant Healthcare Solutions is doing something about it.

MedAvant, one of the largest providers of healthcare technology and transaction services, offers transaction processing, cost-containment, and business process outsourcing services. Through Phoenix, a proprietary IT platform that supports both real-time and batch processing, MedAvant provides direct connectivity among more than 450,000 providers, 30,000 pharmacies, 500 clinical laboratories, and more than 100,000 payer organizations.

Because it handles financial transactions as well as sensitive insurance claims and other medical data, MedAvant has a double-helping of security requirements. One of the company's biggest concerns is that MedAvant employees will inadvertently or intentionally send out unencrypted, sensitive information to people who should not be receiving it: a violation of federal regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).

To address this concern, MedAvant recently began using PortAuthority Technologies' PortAuthority 4.0, a Windows Server-based application that can monitor and block the transmission of information over a variety of communications channels, including outgoing and internal email, encrypted and unencrypted Web channels, File Transfer Protocol (FTP), instant messaging, and networked printing.

PortAuthority 4.0 has a three-tiered architecture that allows centralized security management as well as hierarchical, role-based administration. Using a technology called PreciseID, the product allows companies to detect and identify content across a wide variety of data sources, including databases and more than 300 file formats, using multiple identification techniques such as keywords, patterns, lexicons, and information fingerprinting.

Using the software, MedAvant can create and update custom policies by user, group, department, location, partner, domain, and other criteria to ensure that all distribution of information over its network is authorized. MedAvant also uses PortAuthority to produce Web-based, customizable reports on policy violations, as well as compliance reports based on pre-defined templates such as "dictionaries" for HIPAA, the Sarbanes-Oxley Act, and other regulations.

MedAvant evaluated PortAuthority for about six months as the company sought a way to keep employees from sending out potentially troublesome data, says Robert Mims, vice president for security and network engineering at MedAvant. "We needed to put in a solution that could let me know who is sending confidential information outbound," he says, whether by email, personal Web mail, FTP, IM, or other means.

Prior to deploying the security software, Mims's team had no way of seeing what employees were sending out over the MedAvant network. They could be releasing intellectual property owned by the company, corporate financial data, internal memos, or other information that could violate HIPAA or SOX. Mims doesn't believe there were any such leaks: "If it was happening, I didn't know about it."

PortAuthority also includes a Linux-based appliance that lets Mims's team monitor all outbound and internal communication protocols for any sensitive information in transit, and then enforce applicable security policies, such as blocking and encrypting data. The appliance is set up to send out alerts anytime someone violates a security policy, he says.

With the increased traffic visibility provided by PortAuthority, Mims can now see whether users are adhering to policies. For example, if someone is sending unencrypted "protected health information" (PHI), a clear violation of HIPAA, Mims will automatically be notified. He can then counsel the user who sent the information to encrypt the data first.

Likewise, if a user sends out an email message with a Social Security number or credit card number, Mims and his team will be alerted about the transgression so he can put a stop to it.
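The pattern and lexicon checks described above, sketched as an added example (not PortAuthority's PreciseID code and not from the article). The regexes, the lexicon words, the two-term threshold and the `encrypted` flag are assumptions, and the sample messages are constructed.

```python
import re

# Assumed detection rules for illustration; not PortAuthority's PreciseID rules.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
PHI_LEXICON = {"diagnosis", "patient", "claim", "prescription"}  # hypothetical

# Constructed sample messages (the card numbers are well-known test values).
SAMPLES = [
    "Patient claim attached, SSN 123-45-6789.",
    "Card on file: 4111 1111 1111 1111",
    "Order ref 4111 1111 1111 1112 shipped",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def inspect_outbound(body: str, encrypted: bool = False) -> dict:
    """Return pattern/lexicon findings and the policy action for one message.

    `encrypted` is an assumed flag meaning the message is already routed
    through an encrypting channel, so findings do not trigger a block.
    """
    findings = []
    if SSN_RE.search(body):
        findings.append("ssn")
    for match in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append("card")
            break
    words = set(re.findall(r"[a-z]+", body.lower()))
    if len(words & PHI_LEXICON) >= 2:  # assumed threshold: two lexicon terms
        findings.append("phi_lexicon")
    action = "block_and_alert" if findings and not encrypted else "allow"
    return {"findings": findings, "action": action}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_outbound(sample))
```

The Luhn check is what keeps the third sample, a 16-digit order reference, from raising a false alert.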

"I didn't have this kind of visibility into the network before; every week I'm learning something new about how I can block [restricted] outbound traffic or get [activity] reports." The software hasn't inhibited employee productivity, he says, since it only blocks content that users shouldn't be sending out in the first place.

— Bob Violino, Contributing Reporter, Dark Reading

Organizations mentioned in this story

  • MedAvant Healthcare Solutions
  • PortAuthority Technologies Inc.
