Central Oregon Radiology Safeguards Sensitive Medical Images and Data with ExtraHop Reveal(x)
Improved protection against breaches in an increasingly targeted industry
Reduced security costs by eliminating overhead needed to support separate, niche solution providers
Recognized immediate value with shortened training time and improved IT collaboration
CORA supports more than 8,000 physicians, hospitals, and clinics for their medical imaging needs. That means creating, transmitting, and storing hundreds of thousands of sensitive CT scans, MRIs, ultrasounds, PET scans, and X-rays. Many of the medical imaging machines and IoT devices are located at hospitals and clinics but are managed by CORA, which creates a challenging array of small, widely distributed sites that need to be secured.
Security issues and breaches targeting healthcare organizations have been on the rise over the past few years, and in 2019, several attacks specifically targeted digital imaging and communications in medicine. CORA wanted to get ahead of the growing risk by upgrading their security posture to better defend against potential breaches.
We had instant confidence in the tool. The ability to essentially plug and play meant we started to see returns on our investment almost right away.
CIO, Central Oregon Radiology Associates
The small CORA team manages all aspects of IT so they turned to ExtraHop to provide critical visibility for both security and performance. Reveal(x) immediately proved effective in its proof-of-concept phase.
"Third-party assessments just come back with raw numbers for pen testing or vulnerability assessments," says Richard Stepanek, CIO. "Unless you have a pretty big team of dedicated security experts, it can be hard to know how to act on the information, but Reveal(x) directs us precisely where to find any potential issues so we can locate and mitigate it fast."
The POC clearly demonstrated how the CORA team could track and protect vast volumes of data—both stored and in flight—across a wide variety of outside organizations.
With such a broad set of users and connected devices, CORA also relies on Reveal(x) to ensure that sensitive medical data is shared and stored while following established protocol.
"The use of 'unauthorized' sharing services is big now because colleagues often just choose whatever they're familiar using, usually not with malicious intent," says Stepanek. Reveal(x) lets his team get ahead of those kinds of issues and be proactive about resolving them, so they aren't surprised if any breach occurs.
"It's helped close that loop with medical records folks. When we see anything outside of our normal channels, we can set authorizations and documentation up front, so no one gets crossways with HIPAA rules."