– Partners HealthCare holds patient data, intellectual property and employee personal information, all of which must be protected – Security is an increasingly important priority for the board, so clear visibility and reporting on security status is essential – The organization needed to boost automation and standardize processes to enhance its security posture and compliance
Partners HealthCare is a not-for-profit health care system that is committed to patient care, research, teaching, and service to the community locally and globally. Collaboration among its institutions and health care professionals is central to its efforts. Founded in 1994 by Brigham and Women's Hospital and Massachusetts General Hospital, Partners HealthCare includes community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities.
Partner Healthcare deployed RSA SecurID® to enable remote authentication for physicians and researchers working off-site, and has around 65,000 regular users. They leverage the soft token capabilities, helping their international researchers and physicians connect to the systems in a secure manner. They highly value the ability to create risk profiles of their community and their user population and then use those risk scores to help evaluate to whom they would be giving remote access. Being able to customize the risk portion of the SecurID tool in this way has been a huge enabler. They are looking to integrate Archer as the enterprise-wide GRC platform, and integrating the SOC modules so that they can have a better grasp and visibility of events and incidents, as well as automated workflows to address the long term remediation of incidents. They are also planning to leverage Archer for incident response management, as well as risk management processing specifically around the enterprise risk assessments and their third party risk assessments. Security Analytics brought visibility of inter-network traffic, meaning east-west traffic versus the traditional north-south traffic that most organizations have good visibility into. This will give them the opportunity to correlate across multiple areas within our environment.