Cloud-Based Threat Detection
Discussion with David Moufarrege , CIO , St . Ann ’ s Community and Sanket Patel , CEO , Securolytics , about St . Ann ’ s Community ’ s new cybersecurity defense system .
Adviser : What precipitated St . Ann ’ s decision to look into this integrated cybersecurity solution ?
David : Other highly regulated industries have been addressing cybersecurity for years . In our industry , particularly in New York , there are now specific requirements for Performing Provider Systems ( PPSs ) under the Delivery System Reform Incentive Payment Program ( DSRIP ) when it comes to the exchange of data and what they expect from their exchange partners from a security perspective .
In the Rochester area , we ’ re expected to not only report on actual breaches but also trace back potential breaches . Did you have port scans or other types of threats ? We started there and looked to see what actually comes in and out of our network and that grew into this more comprehensive solution .
We began working with Sanket Patel and Securolytics about three and half years ago . We started with email archiving then began using their services for email encryption to securely transmit data to the insurance carriers and health systems . Now we have one integrated security solution that reaches across the board , whether it ’ s threat filtering for malware , detection of port scans or other defense mechanisms .
We can now tell you who accessed the network , from where and what they did . If you are concerned about information leakage it can be caught here . This is really important forensically and as a preventative measure . The unique solution that Sanket ’ s team has built really fits into our space and off-loads a lot of the concerns from us .
Adviser : Give a little background about the company .
Sanket : Securolytics is a cloud-based threat detection and analytics platform built for IoT
( Internet of Things ) devices . We address gaps in perimeter-based defenses by identifying the symptoms of a data breach , malware infection and criminal activity through behavioral analysis and anomaly detection . And we do it all without the need to deploy additional hardware or software .
Unlike traditional solutions , Securolytics uses advanced statistical modeling and machine learning to independently identify new problems , learn from what it sees and adapt over time . We reduce the effort needed to discover threats inside your network .
We ’ re based out of Atlanta and we have 250 customers in the United States , across all verticals . About 60 percent of our business is derived from the healthcare vertical , both acute and long term care .
Adviser : Talk about the cost versus benefit . Is this solution something you think should be standardized across the long term care field ?
David : I believe so but it ’ s a difficult thing to quantify because it ’ s a question of approach . Number one , we have a solution that does not require you to have an extensive internal IT department . But we do . St . Ann ’ s is actually the third largest healthcare system in the Rochester market after the two acute care systems . So even though we have the scale , we still opted for something we don ’ t have to do internally . It gives us the ability of upgrading without having capital investments or expensive personnel time involved .
Then you have to look at it from a security perspective . Yesterday , I shared an article about a breach at a specialty hospital in Georgia . Those guys ended up going out to the 200,000 patients that were breached and told them , “ We ’ re not going to do anything for you in terms of credit monitoring because we can ’ t afford that .” So when you start looking at it from a straight business perspective , how do you quantify the damage to your reputation ? There are already
( Continued )
31 Adviser a publication of LeadingAge New York | Fall 2016