CloudVault Health Patented Software Simplifies the Complex Task of Finding PHI, Knowing When it's Shared, and Protecting It

    ATLANTA, GA, March 09, 2016 /24-7PressRelease/ -- A patented technology solution that discovers, classifies, and protects at-risk private healthcare information (PHI) across any healthcare organizations' enterprise is now available from CloudVault Health (CVH). Unlike existing technology that focuses exclusively on strengthening the network or application 'security fence' to prevent breaches, CloudVault Health's patented software monitors and protects the actual healthcare data itself, even when it moves outside the organization's security fence into associated business domains or even to unauthorized external devices or end points.

CloudVault Health CEO Richard Nelli said the new solution is a common sense first step in protecting sensitive PHI from both unintended disclosure and malicious breaches. "Our patented software seamlessly scans for and discovers the sensitive data wherever it exists across any designated group of end-points, and then leverages a refined classification process to protect the information and inform the organization about where its PHI is and when and how it's being shared or moved," explains Nelli, adding, "You simply can't protect information if you don't know where it is across your system."

How it works: Minimal IT involvement for continuous, automatic monitoring of PHI and risk
CVH CIO Steve Bacastow led development of the first healthcare specific security software. "It was designed and developed with a sharp focus on seamless installation, minimizing the client organization's hands-on involvement," Bacastow explains. Once the patented CloudVault Health solution is deployed and a monitoring and classification pattern is refined, hands-on involvement by client technology resources will be largely unnecessary, Bacastow explains.

The CVH PHI security solution is designed around distinct capabilities, each focused on a process step that ultimately assures client organizations the confidence that PHI data is continuously monitored wherever it is and secured when it is discovered outside the control of authorized users. Bacastow described the distinct capabilities and process steps;

- Scanning agents are deployed to endpoints inside the network or outside the organization (meaning any associated external business entities that access the healthcare organization's data). From that point, endpoints are continuously scanned, and metadata is collected about file activity on each endpoint.

- The collected metadata is analyzed and properly classified by risk level to enable the organization to monitor Private Healthcare Information (PHI), Personally Identifiable Information (PII) and other sensitive information to discover any inappropriate activity, such as unauthorized copying or movement of sensitive information.

- Files are automatically secured based on classification; unauthorized file use or movement can be automatically encrypted and securely moved to assure managed access going forward. Internal and external users with appropriate, established entitlements may then securely access sensitive files.

PHI risks and accountability grow; penalties and regulations increase
Rusty Gordon, Chairman of CloudVault Health, explains that healthcare and related organizations are now the most targeted industry for cybercriminals and insider threats, due to the monetary value of PHI data compared to the value typically derived from financial-related information. The proliferation of PHI sharing is exponential, further straining traditional data protection. "Every time a patient engages the healthcare system, whether at a hospital, a physician clinic, an outside lab or even a pharmacy, gigabytes of data are created and shared in the name of efficiency and better patient care," explains Gordon. "As this information propagates across the broad and varied healthcare data system, healthcare organizations simply lose track of it, to the point where many organizations that are specifically accountable don't know where all the sensitive data exists across their own networks," said Gordon. Healthcare organizations that know where the information is and can easily monitor its movement will have a distinct advantage in complying with stringent HIPAA and Fair Use regulations and protecting their brand reputation.

# # #