Healthcare organization Liberein secures email with Mimecast
Faxing medical data?
- According to Liberein, it will no longer be possible under the General Data Protection Regulation (GDPR).The healthcare organization from Enschede, the Netherlands, banned the fax and switched completely to secure email for the exchange of sensitive information.
It may be hard to imagine, but healthcare institutions still frequently use fax machines. For pharmacists, the fax is even indispensable. In 2016, a survey among 140 pharmacies showed that 99 percent still use this device to communicate securely with hospital doctors, medical specialists, or other care providers. However, ICT manager Jaap van der Schoor has his doubt about Liberein‘s ‘secure communication’. “When exchanging information via fax, there is a high risk of data leaks. Documents containing personal data are frequently left behind on such a de vice.” Under the GDPR, an organization is obliged to report such a leak to the supervisory authority, which may result in reputational damage, a warning, or even a fine.
For Liberein, GDPR compliance was the most important reason for phasing out the fax and completely switching to email for the exchange of information. “Email has always been a business-critical process for us. In our fallback scenarios, it is even one of the most important processes,” Van der Schoor outlines. “If email is not available, communication with our clients and suppliers - and actually the entire company -will slowly grind to a halt.”
“But, partly due to phasing out the fax, we are also exchanging more and more medical data - and therefore, special personal data -by email,” the ICT manager continues. “In that case, security consisting of a firewall and a virus scanner is no longer sufficient.”
Email Car Wash
Together with ICT partner Deltics, Liberein looked into an email security solution. An important requirement for the new package was that both incoming and outgoing mail went ‘through the car wash’. Email scanning on mobile devices was another important issue for Liberein. “That soon excluded many solutions,” says Van der Schoor. Mimecast did stand up to scrutiny. The great ease of use is an additional advantage of Mimecast’s email security solution.
Van der Schoor: “Unlike many other solutions, Mimecast users do not need to enter a code to receive email. That way, they effectively don’t notice anything of the security.”
Implementation Mimecast S1
Liberein chose Mimecast’s S1 Advanced Threat Security, which fully protects its 1,400 employees from advanced attacks such as spear phishing and impersonation attacks. This cloud-based service also helps prevent data leaks. Secure Large File Send is also setup for a number of employees.
Liberein hardly had to worry about the two month implementation. “It was handled completely by Deltics,” explains Van der Schoor. “Deltics has been our ICT partner for many years and also has an advisory role. In addition, they are our partner when it comes to 24/7 monitoring and management.”
“We engaged S1 in two phases,” continues Vander Schoor. “In the first phase, we analyzed with which partners we communicate by email and determined whether this communication should be made secure. ”We then checked whether those partners can read Mimecast-secured email and can also send us secure email. In phase 2, we activated the protection.”
Like all organizations, Liberein also faces threats such as spam, phishing, and ransomware. “Following a ransomware attack, we recovered fairly easily by restoring a backup,” the ICT manager provides an example. “Now, however, everything is blocked even before any damage is done. Phishing emails, for example, will no longer get through.”
“In the area of email, we are now GDPR-proof,” concludes the ICT manager. “In order to accomplish this, it is not only import ant that we secure email well, but also that we can track email traffic. In the event of an incident, Mimecast allows us to see exactly who did what and when. We will then be better able to reconstruct the incident and account for it. With a standard Exchange solution with just a firewall, that’s difficult.”