Independence Care System
Independence Care System (ICS) operates a nonprofit Medicaid managed long-term healthcare plan serving residents in the New York City area. Founded in 2000, the organization supports more than 6,000 adults with physical disabilities and chronic conditions. The 350 ICS employees are committed to serving members whose needs are unmet in other long-term care facilities.
For Independence Care System, safeguarding the integrity of its network and member records is a sacred trust. The nonprofit organization works closely with local healthcare providers to serve members of the community with severe disabilities or mobility issues. To protect member privacy, as well as its own reputation, ICS has made regulatory compliance a top business priority.
“If we’re not compliant with the Health Insurance Portability and Accountability Act (HIPAA), we risk being heavily fined,” says Felix Castro, Director of IT at ICS. “And whenever you have a compliance issue, such as a security breach, you have to report that to your members, which impacts their confidence in us. These people are giving us their data, and they expect us to keep it safe. Security has direct business implications for us.”
Maintaining business continuity is also crucial for ICS, because the organization relies on its network to support its most important business applications throughout its five locations.
“If our network goes down, it takes all of our business processes down with it,” says Castro. “All of our appointment and scheduling systems are network-based, and they contain all of our member records, prescription information and physician information. Our network is simply mission critical.”
To meet these needs, ICS was seeking a complete security solution that would simplify regulatory compliance, and protect the organization against security threats that could impact network performance. The solution would have to be easy to expand and modify to meet changing needs, and provide centralized management to simplify and streamline network administration for the firm’s IT staff.
The Check Point Solution
ICS has an ongoing initiative to be 100 percent HIPAA compliant, and is continually looking at ways to improve the security and manageability of its network. As part of this initiative, the firm decided to replace its aging firewalls with Check Point 4600 and 2200 Next Generation Security Appliances. ICS added a full array of Check Point Software Blades to protect the organization against suspicious web threats, viruses, bots and other security issues. Each appliance also includes the Check Point Compliance Software Blade, a dedicated solution to help ensure compliance best practices.
Best Practices and Deep Visibility for Compliance
The Check Point Compliance Software Blade monitors management, software blades and security gateways to constantly validate that the ICS Check Point environment is configured in the best way possible. Designed specifically for environments where industry or government compliance is a top concern, the blade provides 24/7 security monitoring, security alerts on policy violations and out-of-the-box audit reports.
“Our compliance software blade brings together all the best practices we need for HIPAA compliance,” says Castro. “We have hired security consultants to audit our network, and they have advised us that the fact that we own and use the Compliance Software Blade is a major plus.”
To further enhance its proactive threat protection, ICS is also adding the Check Point SmartEvent Software Blade to its solution. SmartEvent correlates events on the firm’s network for greater visibility and faster remediation.
“SmartEvent will help enhance our compliance,” says Castro. “We can identify patterns and alert specific IT staff if a security issue occurs. We need to be able to report when a security issue occurs, and what our remediation was.”
Highest Level of Business Continuity
Without dependable network performance, ICS would quickly grind to a halt. To maintain the highest level of business continuity, the organization employed a resilient, cost-effective architecture that can quickly recover in the event of a gateway outage.
“We are a nonprofit organization, and it would be costly to license a separate Compliance Software Blade at each site,” says Castro. “So I decided to virtualize it so that I can replicate it to my other sites. My biggest concern had been the ability to manage a gateway in the event my links go down. This solution takes care of the issue, and we have been very happy with it.”
Simple, Complete Security Management
Centralized management was a top objective for ICS, and the Check Point solution lets the organization monitor all of its activity from a single dashboard. This consolidated view helps Castro and his team to spot potential issues faster and fix them before they impact the rest of the organization.
“With Check Point, I have one set of logs for all the different departments in our organization, so I can see what the trends are,” says Castro. “For example, if a specific office is streaming lots of video, I may want to cap the bandwidth in that office. Check Point gives me great visibility into what is happening across the organization. I didn’t have that before.”
Flexible appliance helps ensure compliance and protects against the most advanced threats
Easy-to-use dashboard simplifies management and improves network insight
Scalable solution makes it easy to support new applications