“Our top priority is always our patients’ healthcare and their right to data security protection. We go to extremes to vet any new technology to make sure it is safe, because we are dealing with collecting data that could affect the patient,” said Sam E. Buhrow, director of Cyber Incident Management & Forensics at Banner Health. “We already had OpenText EnCase eDiscovery as a forensic solution. While we considered opportunities with other products, ultimately we came right back to OpenText. With OpenText EnCase Endpoint Investigator, we partnered with an organization whose product had a proven track record.”
EnCase Information Assurance provides Banner Health with 360-degree visibility across all endpoints, devices and networks to enable forensically sound data collection for litigation. The automated solution allows the company to collect and preserve potentially relevant data from multiple data sources, with a process that ensures strict chain of custody and executes legal hold in a defensible manner.
In addition, EnCase Endpoint Investigator, supported by OpenText Professional Services consultants, collects and analyzes data for incident response and investigation. When a security alert is received, the solution’s advanced digital forensic tools collects relevant data to quickly assess the situation and respond accordingly. “When an alert comes in, my team will use OpenText EnCase Endpoint Investigator to collect memory, look at the state of the systems and try to find any indication of compromise. We are able to quickly triage and determine if this is an actual security event,” Buhrow said.
Automating and accelerating many time-consuming processes, such as information collection, enables Banner Health to significantly improve its efficiency across all fronts. For example, the team has dramatically reduced incident response times for eDiscovery requests. “With OpenText EnCase Information Assurance, the time to collect and provide data for third-party requests dropped from three to four weeks down to six hours,” Buhrow reported.
Investigation and incident resolution has seen equally remarkable improvements. EnCase Information Assurance, supported by the expertise of Professional Services, provides immediate and thorough digital investigations. They search, collect, preserve and analyze data from anywhere on the corporate network.
“With incident responses in the past, it could take up to one week to pull the information, parse it and demonstrate in an understandable format that a security event had happened. By using OpenText EnCase Endpoint Investigator, we are able to pull those assets together very quickly,” Buhrow explained. “In a recent HR investigation, my team gave HR a full report with everything they needed in four hours. The amount of time that the OpenText solution saves has been dramatic.”