Banner Health | OpenText

Challenges

Existing system couldn’t meet rising cybersecurity threats and litigation needs
Time-consuming manual processes slowed eDiscovery data collection
Lengthy delays in investigations hampered incident response

Results

Accelerates eDiscovery to defensibly collect data across the enterprise
Enables a comprehensive approach to rapid incident management and response
Increases efficiency, productivity and time savings

Story

Although they operate far from the emergency room, Banner Health’s Cyber Incident Management & Forensics team supports the organization’s commitment to patient care through the innovative use of OpenText™ EnCase™ Information Assurance and OpenText™ EnCase™ Endpoint Investigator. From data security incident response to compliance with legal requests for electronic information (eDiscovery), the team is entrusted with managing and protecting the company’s data. With both cybersecurity threats and litigation on the rise, Banner Health determined its existing systems could not meet the company’s increasingly critical needs and sought other methods to accelerate data security response.

A nurse showing something to a patient on a laptop.

We already had OpenText EnCase eDiscovery as a forensic solution. While we considered opportunities with other products, ultimately we came right back to OpenText. With OpenText EnCase Endpoint Investigator, we partnered with an organization whose product had a proven track record.

Sam E. Buhrow
Director of Cyber Incident Management & Forensics, Banner Health

“Our top priority is always our patients’ healthcare and their right to data security protection. We go to extremes to vet any new technology to make sure it is safe, because we are dealing with collecting data that could affect the patient,” said Sam E. Buhrow, director of Cyber Incident Management & Forensics at Banner Health. “We already had OpenText EnCase eDiscovery as a forensic solution. While we considered opportunities with other products, ultimately we came right back to OpenText. With OpenText EnCase Endpoint Investigator, we partnered with an organization whose product had a proven track record.”

EnCase Information Assurance provides Banner Health with 360-degree visibility across all endpoints, devices and networks to enable forensically sound data collection for litigation. The automated solution allows the company to collect and preserve potentially relevant data from multiple data sources, with a process that ensures strict chain of custody and executes legal hold in a defensible manner.

In addition, EnCase Endpoint Investigator, supported by OpenText Professional Services consultants, collects and analyzes data for incident response and investigation. When a security alert is received, the solution’s advanced digital forensic tools collects relevant data to quickly assess the situation and respond accordingly. “When an alert comes in, my team will use OpenText EnCase Endpoint Investigator to collect memory, look at the state of the systems and try to find any indication of compromise. We are able to quickly triage and determine if this is an actual security event,” Buhrow said.

Automating and accelerating many time-consuming processes, such as information collection, enables Banner Health to significantly improve its efficiency across all fronts. For example, the team has dramatically reduced incident response times for eDiscovery requests. “With OpenText EnCase Information Assurance, the time to collect and provide data for third-party requests dropped from three to four weeks down to six hours,” Buhrow reported.

Investigation and incident resolution has seen equally remarkable improvements. EnCase Information Assurance, supported by the expertise of Professional Services, provides immediate and thorough digital investigations. They search, collect, preserve and analyze data from anywhere on the corporate network.

“With incident responses in the past, it could take up to one week to pull the information, parse it and demonstrate in an understandable format that a security event had happened. By using OpenText EnCase Endpoint Investigator, we are able to pull those assets together very quickly,” Buhrow explained. “In a recent HR investigation, my team gave HR a full report with everything they needed in four hours. The amount of time that the OpenText solution saves has been dramatic.”

With OpenText EnCase Information Assurance, the time to collect and provide data for thirdparty requests has dropped from three to four weeks down to six hours.

Sam E. Buhrow
Director of Cyber Incident Management & Forensics, Banner Health

Looking at past metrics, Buhrow noted that some investigations and incident responses were often still unresolved at the 30- or even 60-day mark: “If you have an incident that’s still open after 30 days, that is cause for concern. With OpenText EnCase Endpoint Investigator, we have gone from 60-day and 90-day resolutions down to 30 days or less.” This newfound efficiency not only results in faster responses to requests and incidents, it also bolsters the team’s reputation with stakeholders, such as HR and legal. “The faster we can provide a response to our internal customers, the more confidence they have that when something big and bad happens, we are able to urgently identify and resolve the issue,” Buhrow said.

During a recent incident response, the team rapidly pulled information and triaged the situation. Within an hour and a half, they had a working theory as to the nature of the incident, which caught the attention of executives, reported Buhrow. “We had senior leadership saying, ‘Wow, we have the right people with the right tools.’ They just could not believe the results with OpenText. The last time a similar incident happened, it took nearly six days before they were able to resolve it.”

Banner Health credits the success of the solution in part to the valued partnership with Professional Services, which helps the company get the most out of the OpenText EnCase solutions. By leveraging the expertise of Professional Services, the team developed processes, playbooks and tools to accelerate incident response and maximize efficiency. “OpenText has really been very valuable to us. To have OpenText Professional Services support us and be a trusted partner is a real value,” Buhrow noted.

About Banner Health

Headquartered in Phoenix, Arizona, Banner Health is one of the largest nonprofit healthcare systems in the U.S., with close to 500 medical facilities across six states, including hospitals, urgent care facilities and rehabilitation centers. In a single year, Banner Health sees more than a million emergency room visits, runs close to five million blood tests and delivers more than 30,000 babies.

FeaturedFeatured

Analytics CloudAnalytics Cloud

Analytics DatabaseAnalytics Database

Business Intelligence and ReportingBusiness Intelligence and Reporting

Data DiscoveryData Discovery

eDiscovery and InvestigationseDiscovery and Investigations

Legal Content and Knowledge ManagementLegal Content and Knowledge Management

Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain IntegrationSupply Chain Integration

B2B Integration ServicesB2B Integration Services

Ecosystem CollaborationEcosystem Collaboration

Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Business IntegrationsBusiness Integrations

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Information ArchivingInformation Archiving

Process AutomationProcess Automation

Information GovernanceInformation Governance

Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application SecurityApplication Security

Identity and Access ManagementIdentity and Access Management

Data Privacy and ProtectionData Privacy and Protection

Digital Investigations and ForensicsDigital Investigations and Forensics

Threat IntelligenceThreat Intelligence

Threat Detection and ResponseThreat Detection and Response

Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Functional TestingFunctional Testing

Performance EngineeringPerformance Engineering

DevOps Aviator

Experience CloudExperience Cloud

Web and Brand ExperiencesWeb and Brand Experiences

MessagingMessaging

Customer Journey and DataCustomer Journey and Data

Media ManagementMedia Management

Contact Center AnalyticsContact Center Analytics

Experience Aviator

IT Operations CloudIT Operations Cloud

Service ManagementService Management

FinOpsFinOps

AIOps and ObservabilityAIOps and Observability

AutomationAutomation

Network ManagementNetwork Management

IT Operations Aviator

OpenText ThrustOpenText Thrust

Developer Cloud technical documentationDeveloper Cloud technical documentation

Aviator Thrust

PortfolioPortfolio

Data protection and endpoint backupData protection and endpoint backup

Endpoint management and mobile securityEndpoint management and mobile security

Hybrid work, email, and team collaborationHybrid work, email, and team collaboration

Archiving, eDiscovery, and data securityArchiving, eDiscovery, and data security

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Strategy & Advisory ServicesStrategy & Advisory Services

Consulting ServicesConsulting Services

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

BlogsBlogs

EventsEvents

CommunitiesCommunities

Customer StoriesCustomer Stories

OpenText NavigatorOpenText Navigator

Featured

Analytics Cloud

Analytics Database

Business Intelligence and Reporting

Data Discovery

eDiscovery and Investigations

Legal Content and Knowledge Management

Business Network Cloud

Supply Chain Integration

B2B Integration Services

Ecosystem Collaboration

Content Cloud

Document Management

AI Content Management

Business Integrations

Capture and Intelligent Document Processing

Information Archiving

Process Automation

Information Governance

Cybersecurity Cloud

Application Security

Identity and Access Management

Data Privacy and Protection

Digital Investigations and Forensics

Threat Intelligence

Threat Detection and Response

DevOps Cloud

DevOps Platform

PPM and Strategic Portfolio Management

Quality Management

Functional Testing

Performance Engineering

Experience Cloud

Web and Brand Experiences

Messaging

Customer Journey and Data

Media Management

Contact Center Analytics

IT Operations Cloud

Service Management

FinOps

AIOps and Observability

Automation

Network Management

OpenText Thrust

Developer Cloud technical documentation

Portfolio

Data protection and endpoint backup

Endpoint management and mobile security

Hybrid work, email, and team collaboration

Archiving, eDiscovery, and data security

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Strategy & Advisory Services

Consulting Services

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator