Integrated Healthcare System Relies on Proofpoint to Keep Its Communications Secure
The Challenge
- Consolidate email management into a secure, consistent system
- Restore employee confidence in email security
- Minimise business email fraud
The Solution
- Proofpoint Enterprise Protection
- Proofpoint Secure Email Relay
- Proofpoint Targeted Attack Protection
- Proofpoint Threat Response Auto-Pull
- Proofpoint Email Fraud Defense
- Proofpoint Email Encryption
- Proofpoint Data Loss Prevention
The Results
- Improved protection against spoofing and other threats saves IT time
- Enhanced email security improves compliance
- Replicable solution scales easily across healthcare sites
The Challenge
Delivering More Secure, Consistent Healthcare Communications
This healthcare system brings together academic medical centres and teaching hospitals, community and specialty facilities. Its providers and administrators all work together to expand access to great care. And it advances the science and practice of medicine through its groundbreaking research and education.
“One of the things that really is important is our ability to collaborate and work together,” said the infrastructure solution director at the healthcare system. “To standardise everyone onto a common tool set, we started to move all our users to Microsoft 365. However, we still had a variety of disparate mail flow systems. We needed a way to bring those together as well, and do it securely.”
Email security at the organisation was not only siloed, but it performed inconsistently. This frustrated the hospital’s healthcare professionals and impacted compliance.
“Our existing IronPort solution was pretty porous, with a lot of false positives,” said the infrastructure solution director. “We had a lot of users who were creating their own workflows to circumvent the system, such as using their personal email accounts to contact prospects or new hires. They were working around the system because the tool was not as effective as it could have been.”
Saddled with ageing security systems, the IT team sometimes found itself in a reactive mode, having to respond to threats after they had penetrated its defences.
“We were seeing phishing attempts and other threats coming into the organisation,” said the infrastructure solution director. “Many of them were targeted at our top executives. Our COO, CFO and CEO would report them to us, and ask why they got through.”
They were also having issues with application emails being throttled. These system-generated emails often contain important transactional information. And that meant timely delivery was essential.
The organisation was looking for a comprehensive email protection solution that would enable it to stop the latest known and unknown email threats, proactively and consistently. The solution also needed to protect the healthcare system brand from sender impersonation and improve overall sending performance.
Infrastructure solution director, integrated healthcare system
The Solution
Moving from Reactive to Proactive Security
After considering several options, the healthcare system began a step-by-step deployment of Proofpoint Email Security and Protection solutions. This complete, scalable email security platform examines and blocks phishing, malware and non-malware threats. Proofpoint assisted with the migration, and helped the organisation create a templated approach to email security it can extend to all its sites.
“When we did the migration, I felt that our Proofpoint support was on point and really well managed,” said the infrastructure solution director. “The first migration we did was at one of our key facilities. It was a complex system with customised mail routes that we needed to replicate into the Proofpoint solution. We were able to do that quickly and effectively, without impacting end users. After completing that migration, we have been able to replicate the process to bring multiple sites into the Proofpoint environment.”
The Proofpoint solution includes Proofpoint Targeted Attack Protection, which helps the organisation get out in front of attackers by detecting, analysing and blocking threats before they reach users’ email inboxes. And if suspicious messages slip through, Proofpoint Threat Response Auto-Pull allows the infrastructure solution director and his team to analyse emails and move questionable items to quarantine after they are delivered.
To secure its application email, such as patient notifications, and address their performance issues, the healthcare system deployed Proofpoint Secure Email Relay. Designed specifically for application emails, it secures cloud applications that send transactional email under the healthcare system name. And it lets the infrastructure solution director and his team apply security controls such as encryption and data loss prevention. Once it was implemented, they saw no further throttling of these critical emails.
To help strengthen the integrity of its messaging, the organisation also implemented Proofpoint Email Fraud Defense to block malicious emails spoofing its domains before they reach its users or patients.
The Results
Improved Efficiency, Stronger Security
Prior to Proofpoint, many of the attacks that came into the organisation were targeted at executives and other individuals with access to sensitive data. With Proofpoint Email Fraud Defense, these healthcare professionals are better protected against email spoofing attacks and other threats.
“The ‘spoof safe’ feature has been a positive,” said the infrastructure solution director. “Having that ability to limit anything that is considered spoofed has really driven down the number of emails that are getting through. That has delivered major benefits.”
Putting Proofpoint security in place has enabled the organisation to not only up-level its protection against advanced threats, but use its limited IT resources more effectively. And it has provided a more positive experience for healthcare system end users.
“About 10 percent of the tickets that my infrastructure team was getting were related to spam,” said the infrastructure solution director. “As soon as we shifted over to Proofpoint, those tickets actually disappeared. So that additional work and the touchpoints that we had to do from an operational standpoint went down to nothing. When you eliminate 10 trouble tickets a week, and 15 minutes to process each ticket, you’re saving some significant time.”
By enabling the organisation to separate its user email from its application email, Proofpoint Secure Email Relay also enables the hospital to send out large amounts of patient communications more efficiently.
“All of our patient appointment reminders, messages, prescription refill notifications and other traffic from the MyChart records application now goes out over Proofpoint Secure Email Relay,” said the infrastructure solution director. “In the past, Comcast would often throttle us because we had a large number of notifications going out. Now that has gone away, and our end-user traffic is no longer affected by throttling since we’ve moved to Proofpoint.”
Proofpoint has provided the technologies needed to minimise risk, improve the user experience and strengthen compliance. It also enables a more proactive, strategic approach to email security for the long term. To continue to strengthen its culture of security, the organisation is also planning to implement Proofpoint Security Awareness. This solution empowers users with best practices and targeted, threat-guided education.
“We expect to complete the migration of our sites to Proofpoint soon, and we are planning to launch a big security awareness campaign,” said the infrastructure solution director. With these solutions in place, this large integrated healthcare system will have its communications protected—now and into the future.