Pharmacy Network Services employees experienced a barrage of suspicious emails that just kept coming, one after another from a customer.
After receiving an alert, Chief Information Officer, Dave Trent, quickly logged into Pharmacy Network Services’ new email management system – only one week old at the time – and confirmed what he had already suspected. A customer was unwittingly sending out spear-phishing messages.
The email management system had done its job. It had identified the customer’s communications as a possible threat and blocked the links contained in the emails, preventing Pharmacy Network Services from becoming a victim itself. And it allowed Trent to immediately notify the customer that its system had been compromised.
Email attacks like spear-phishing happen all the time, but the healthcare vertical is an especially attractive target as has been seen by recent high-profile breaches at leading U.S. healthcare providers, because of the high value of patient information. According to Trent, Pharmacy Network Services has always been aware of security and threat issues stemming not just from email, but the Internet as a whole.
To keep these threats at bay and help protect customers, Pharmacy Network Services needed an email management system with enhanced security capabilities. As a provider of pharmaceuticals to institutions, including nursing homes, long-term care providers and correctional facilities, the East Tennessee-based company manages a high volume of electronic and email orders – the majority of which need to be secure, per requirements related to the Health Insurance Portability and Accountability Act (HIPAA).
That’s why Trent turned to Mimecast. He said, “Mimecast was progressive at keeping up with threat changes and seemed to come up with new techniques [for fighting threats].”
Trent reached out to Mimecast after Google announced it would be discontinuing its Postini Service – the email security and archiving solution that Pharmacy Network Solutions had been using previously. What Trent found after adopting Mimecast is that he had access to a number of new benefits they hadn’t had before.
Mimecast offered attractive pricing, as well as an opportunity for Pharmacy Network Services to consolidate its service agreement into one document.
Yet, Trent says he was “sold” on Mimecast because of it being a cloud service. He says, “Beyond security, Mimecast’s message queuing functionality, in combination with archiving functions, helps us prevent potential email outages and ensure continuity. That way, institutions aren’t left waiting for important orders to be filled while the service is down.”
Trent explained, “Mimecast has trimmed about 80 to 85 percent of the time IT staff previously took managing emails.”
The Mimecast system, however, provides users with more control, allowing them to manage spam and either permit or block messages the system has flagged as suspicious – the IT department no longer has to be involved.
Back to the security features. Although Pharmacy Network Services had been reviewing spear-phishing as a threat for some time, and had previously enabled content filtering as part of its network infrastructure, the company is now able to successfully thwart attacks like the one mentioned earlier by using Mimecast’s Targeted Threat Protection. Under HIPAA, Pharmacy Network Services may have faced fines and a possible public acknowledgement of the attack, had it been successful.
Internally, the attack also proved to be an immediate learning experience for Pharmacy Network Services employees. The company sent out internal emails explaining spear-phishing and describing how the Mimecast system – through redirects and whitelisting – helps fight back against attacks.
With a proven email management system in place, and savvy employees as backup, Pharmacy Network Services – and its customers – should have secure and stable email communications for years to come.
This report, put together by HIMSS, pulls together research from multiple sources to help shed light on …