Kootenai Health

Overview

Kootenai Health provides a comprehensive range of medical services to patients at several facility locations in Idaho, Washington, Montana and the inland northwest. Its main campus—which includes a 292- bed, community-owned hospital—is located in Coeur d’Alene, Idaho.

By providing outstanding health care, Kootenai Health has repeatedly earned regional and national recognition and is now one of the largest employers in the region with more than 2,600 employees.

Challenge

Early in the information security process, Kootenai Health recognized a key security challenge: end-users were downloading— either intentionally or accidentally—unwanted software. According to Michael Meline, Director of Data Security at Kootenai Health, it was costing the organization a substantial amount of money, time and resources to manually analyze and report all accounts of suspicious activity.

“Normal employee behavior” had not been established because the incumbent security solution lacked the visibility necessary for behavioral analytics. Without the proper solution in place, Michael was forced to manually identify and record risky end-user behavior. While Kootenai Health identified that no patient data had been compromised, there were concerns that if left unaddressed, this could be an issue.

Michael received multiple complaints from his executive team in just his first week as Director of Data Security at Kootenai Health. Though a solution was in place, Kootenai users were not properly educated on how to respond to phishing attempts. While visiting suspicious sites, Kootenai users would download unwanted content. Being targeted daily by phishing attempts overwhelmed not only executives, but the majority of Kootenai employees. Michael found himself spending too much time responding to these kinds of incidents.

In order for the organization to be successful in preventing the exfiltration of critical medical data, Kootenai needed a Data Loss Prevention (DLP) solution with visibility and behavioral analytics. 

Solution

After a successful evaluation and Proof of Concept (POC), Michael and his team demonstrated Forcepoint’s immediate ROI. Kootenai Health chose to implement Forcepoint’s web, email and DLP solutions for their unified management and advanced reporting functions.

“As a security consultant, I used to travel around and do a ton of pen testing and vulnerability assessments. The companies that had Forcepoint in place were highly successful. So, with the previous knowledge I had about Forcepoint, I was confident that it was the best choice for Kootenai.”
— Michael Meline, Director of Data Security, Kootenai Health

Common architecture made it simple to deploy any combination of Forcepoint solutions within Kootenai Health’s network infrastructure. Additionally, the Forcepoint solutions streamline works well for the Kootenai security team. This gives the organization the context and insights it needs to make better decisions, minimizes the dwell time of potential attacks and prevents the exfiltration of its sensitive data due to risky end-user behavior.

Results

In a short time, Michael and his team recognized substantial ROI thanks to Forcepoint’s quick and easy deployment.

“Within a couple of weeks of implementation, our executives were praising the solution. We went from seeing only 10% of malicious activity filtered out with the previous solution to averaging about 60-80% with Forcepoint in place. Our false positive rate is less than 0.1%.”
— Meline

In a 30 day timeframe, Michael reported that Forcepoint and the Kootenai team have actively filtered out 726 viruses and identified 722,331 cases of phishing and spam messages. Kootenai went from seeing malicious threats on a daily basis to almost never seeing them. As Michael puts it, “If we see something on occasion, it surprises us.”

With the help of Forcepoint, Kootenai Health is now actively blocking activities that have the potential to be very concerning. Michael and the Kootenai Team have also focused on educating end-users about malicious activity, further minimizing the threat of risky behavior. The team has implemented quarterly “phishing tests” for its employees: a malicious link is sent via email to Kootenai end-users and Michael’s team validates whether they report or follow the link in the email.

“Employees used to click on anything that they received. Now we’ve done extensive training to help them understand when not to click on emails or links in emails. If a phishing email does come through, within 2 minutes, I have end users reporting it. We can then use the Forcepoint solution to block the attacks, identify potential victims, and help our employees do their job properly and safely, preventing sensitive medical records from leaving the organization.”
— Meline

Today, it’s rare that a user at Kootenai will need to report a phishing attempt, as Forcepoint successfully prevents threats before they have the chance to enter the organization. This level of visibility and protection significantly decreases the risk of critical data leaving the Kootenai Health system.

“The relationship between Kootenai Health and Forcepoint is only going to grow. I’m really impressed with the capabilities and level of protection the solution provides. I’m a Forcepoint customer because I choose to be. I don’t know of another solution that does the job better.”
— Meline

Michael also understand the importance of having a layered approach to security:

“As a security professional, we know that we will never have complete security. We do know that it is important to use a layered approach to security. We have a fully functioning program that leverages policies, risk management, training, and technical solutions to lower our risk. Forcepoint provides us with several technical layers of protection.”
— Meline

Kootenai Health has relied on Forcepoint security solutions since 2014.