Banner Health | OpenText

Challenges

Existing system couldn’t meet rising cybersecurity threats and litigation needs
Time-consuming manual processes slowed eDiscovery data collection
Lengthy delays in investigations hampered incident response

Results

Accelerates eDiscovery to defensibly collect data across the enterprise
Enables a comprehensive approach to rapid incident management and response
Increases efficiency, productivity and time savings

Story

Although they operate far from the emergency room, Banner Health’s Cyber Incident Management & Forensics team supports the organization’s commitment to patient care through the innovative use of OpenText™ EnCase™ Information Assurance and OpenText™ EnCase™ Endpoint Investigator. From data security incident response to compliance with legal requests for electronic information (eDiscovery), the team is entrusted with managing and protecting the company’s data. With both cybersecurity threats and litigation on the rise, Banner Health determined its existing systems could not meet the company’s increasingly critical needs and sought other methods to accelerate data security response.

A nurse showing something to a patient on a laptop.

We already had OpenText EnCase eDiscovery as a forensic solution. While we considered opportunities with other products, ultimately we came right back to OpenText. With OpenText EnCase Endpoint Investigator, we partnered with an organization whose product had a proven track record.

Sam E. Buhrow
Director of Cyber Incident Management & Forensics, Banner Health

“Our top priority is always our patients’ healthcare and their right to data security protection. We go to extremes to vet any new technology to make sure it is safe, because we are dealing with collecting data that could affect the patient,” said Sam E. Buhrow, director of Cyber Incident Management & Forensics at Banner Health. “We already had OpenText EnCase eDiscovery as a forensic solution. While we considered opportunities with other products, ultimately we came right back to OpenText. With OpenText EnCase Endpoint Investigator, we partnered with an organization whose product had a proven track record.”

EnCase Information Assurance provides Banner Health with 360-degree visibility across all endpoints, devices and networks to enable forensically sound data collection for litigation. The automated solution allows the company to collect and preserve potentially relevant data from multiple data sources, with a process that ensures strict chain of custody and executes legal hold in a defensible manner.

In addition, EnCase Endpoint Investigator, supported by OpenText Professional Services consultants, collects and analyzes data for incident response and investigation. When a security alert is received, the solution’s advanced digital forensic tools collects relevant data to quickly assess the situation and respond accordingly. “When an alert comes in, my team will use OpenText EnCase Endpoint Investigator to collect memory, look at the state of the systems and try to find any indication of compromise. We are able to quickly triage and determine if this is an actual security event,” Buhrow said.

Automating and accelerating many time-consuming processes, such as information collection, enables Banner Health to significantly improve its efficiency across all fronts. For example, the team has dramatically reduced incident response times for eDiscovery requests. “With OpenText EnCase Information Assurance, the time to collect and provide data for third-party requests dropped from three to four weeks down to six hours,” Buhrow reported.

Investigation and incident resolution has seen equally remarkable improvements. EnCase Information Assurance, supported by the expertise of Professional Services, provides immediate and thorough digital investigations. They search, collect, preserve and analyze data from anywhere on the corporate network.

“With incident responses in the past, it could take up to one week to pull the information, parse it and demonstrate in an understandable format that a security event had happened. By using OpenText EnCase Endpoint Investigator, we are able to pull those assets together very quickly,” Buhrow explained. “In a recent HR investigation, my team gave HR a full report with everything they needed in four hours. The amount of time that the OpenText solution saves has been dramatic.”

With OpenText EnCase Information Assurance, the time to collect and provide data for thirdparty requests has dropped from three to four weeks down to six hours.

Sam E. Buhrow
Director of Cyber Incident Management & Forensics, Banner Health

Looking at past metrics, Buhrow noted that some investigations and incident responses were often still unresolved at the 30- or even 60-day mark: “If you have an incident that’s still open after 30 days, that is cause for concern. With OpenText EnCase Endpoint Investigator, we have gone from 60-day and 90-day resolutions down to 30 days or less.” This newfound efficiency not only results in faster responses to requests and incidents, it also bolsters the team’s reputation with stakeholders, such as HR and legal. “The faster we can provide a response to our internal customers, the more confidence they have that when something big and bad happens, we are able to urgently identify and resolve the issue,” Buhrow said.

During a recent incident response, the team rapidly pulled information and triaged the situation. Within an hour and a half, they had a working theory as to the nature of the incident, which caught the attention of executives, reported Buhrow. “We had senior leadership saying, ‘Wow, we have the right people with the right tools.’ They just could not believe the results with OpenText. The last time a similar incident happened, it took nearly six days before they were able to resolve it.”

Banner Health credits the success of the solution in part to the valued partnership with Professional Services, which helps the company get the most out of the OpenText EnCase solutions. By leveraging the expertise of Professional Services, the team developed processes, playbooks and tools to accelerate incident response and maximize efficiency. “OpenText has really been very valuable to us. To have OpenText Professional Services support us and be a trusted partner is a real value,” Buhrow noted.

About Banner Health

Headquartered in Phoenix, Arizona, Banner Health is one of the largest nonprofit healthcare systems in the U.S., with close to 500 medical facilities across six states, including hospitals, urgent care facilities and rehabilitation centers. In a single year, Banner Health sees more than a million emergency room visits, runs close to five million blood tests and delivers more than 30,000 babies.

FeaturedFeatured

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery and Legal SolutionseDiscovery and Legal Solutions

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture Intelligent Document ProcessingCapture Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application SecurityApplication Security

Data Privacy and ProtectionData Privacy and Protection

Threat Detection and ResponseThreat Detection and Response

Identity and Access ManagementIdentity and Access Management

Digital Investigations and ForensicsDigital Investigations and Forensics

Threat IntelligenceThreat Intelligence

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

IT Operations CloudIT Operations Cloud

Service ManagementService Management

Discovery & CMDBDiscovery & CMDB

AIOps and ObservabilityAIOps and Observability

Network ManagementNetwork Management

Cloud Management, FinOps & GreenOpsCloud Management, FinOps & GreenOps

AutomationAutomation

OpenText™ IT Operations Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

PortfolioPortfolio

Data ProtectionData Protection

Endpoint Management and Mobile Security Endpoint Management and Mobile Security

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Archiving, eDiscovery, and Data SecurityArchiving, eDiscovery, and Data Security

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Strategy & Advisory ServicesStrategy & Advisory Services

Consulting ServicesConsulting Services

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

Featured

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery and Legal Solutions

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security

Data Privacy and Protection

Threat Detection and Response

Identity and Access Management

Digital Investigations and Forensics

Threat Intelligence

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

IT Operations Cloud

Service Management

Discovery & CMDB

AIOps and Observability

Network Management

Cloud Management, FinOps & GreenOps

Automation

OpenText™ Thrust

OpenText™ Thrust bundle

Portfolio

Data Protection

Endpoint Management and Mobile Security

Hybrid Work, Email, and Team Collaboration

Archiving, eDiscovery, and Data Security

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Strategy & Advisory Services

Consulting Services

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator