Community-Based Healthcare Organization Increases Productivity and Security

Situation

An established New England Insurance company. For more than a century and a half, the company has offered coverage for individuals, families, and businesses. They serve many Connecticut communities, including Willimantic, Mansfield, Storrs, Columbia, Colchester, Andover, Bolton, Tolland, Norwich, East Lyme, Groton, Waterford, Mystic, and New London.

Challenge

The organization approached Cooperative Systems seeking technology upgrades designed to increase their productivity and security posture while still complying with rigorous Health Insurance Portability and Accountability Act (HIPAA) regulations. Realizing their goals required a team of managed IT services experts.

​

To best understand the current state of the healthcare organization’s IT infrastructure and operational processes, Cooperative Systems performed a comprehensive technology assessment, during which we gathered data and conducted interviews with the executive team. 

​

Once our information collection process was complete, we analyzed our findings and produced a report, which revealed that the nonprofit’s largest and most pressing issue was the need to fortify their cybersecurity protections to ensure HIPAA compliance. After discussing the report and prioritizing the client’s needs, we created a plan to identify and implement the proper solutions. 

Solution

The first step was to migrate them from their provider’s hosted email platform to their own Microsoft 365 Microsoft Nonprofit Tenant for email, file storage, and collaboration. Then, we implemented Proofpoint email security, giving them AV/Spam protection, email encryption, and archiving to comply with HIPAA for Personal Identifiable Information (PII) protection requirements.

​

Then, we migrated their data to SharePoint and Teams to remove their reliance on traditional, on-premises file servers. This gave them greater flexibility to work remotely and still be HIPAA compliant.

​

Once we’d migrated them and their data to the Microsoft ecosystem, we focused on “hardening” (e.g., securing) their IT environment. This included implementing Duo multi-factor authentication to protect Microsoft 365 logins. In addition, we configured their Skykick Backups to capture and store copies of their entire Microsoft 365 organization up to six times a day with unlimited retention. Skykick was an important supplemental component since Microsoft, unfortunately, doesn’t directly offer adequate backup functionality.

​

Finally, due to the increase in phishing and social engineering scams, we provided robust cybersecurity awareness training using KnowBe4’s cybersecurity educational resources for the organization’s entire staff. Part of the training included simulated phishing emails designed to reinforce a “think before you click” mindset. Employees are still the first line of defense against threat actors. 

Results

The organization’s increased cybersecurity posture helped them to become fully HIPAA compliant. In addition, their staff was able to work remotely anytime, anywhere. Their ability to communicate and collaborate both internally and externally improved dramatically. Their staff is more cybersecurity aware and educated on the latest threats and email phishing tactics used by cyber criminals.