Customer Profile
As one of the nation’s most comprehensive, integrated academic health care delivery systems, this major New York City hospital system is among the top ten hospitals in the USA. They have multiple divisions that serve patients in the New York metropolitan area, nationally, and throughout the globe.
Although company policy prohibits them from being named in a case study, their use case and selection process for FTK Enterprise represents a common scenario that many major medical organizations share in today’s digital world.
Situation
The hospital was not actively looking for a new solution, but when their current forensic collection vendor made a major change to their pricing model, they were open to a replacement, and found the functionality and speed they didn’t even know they were missing.
“We were looking for something that met, or exceeded, the functionality we had with our previous product. And, we wanted to make sure the new solution could work with the same types of data and the volume of data we have,” said their Manager of Vulnerability Assessment.
They were interested in having the ability to collect from any device on their network. After seeing FTK Enterprise in action, the hospital made the decision to switch over.
It’s not surprising that the hospital system’s biggest concern is data security. According to the 2020 Verizon Data Breach Report, “financially motivated criminals continue to target (the healthcare) industry via ransomware attacks” with 51% reporting external threat actors as the culprit and personal (77% ) and medical (67%) data being compromised.
Every day, our customers and their many divisions are faced with phishing scams, the delivery method of choice for ransomware, and the threat of people trying to hack their network. Having a tool like FTK Enterprise allows them to remotely preview and collect from endpoints on their network to identify and analyze a network breach and perform post- incident response forensics.
The Solution
“The ease of use is much better with AccessData. The acquisition of hard disks is faster, which has exceeded our expectations, since our previous product was much slower,” our contact said. The hospital hasn’t had a need to do a lot of endpoint collections as, “we are now mostly performing routine HR requests; they are all remote collections from endpoints connected to the VPN.”
“Many of them are remote collections from people working from home because of COVID-19,” he explained. Their previous solution involved a mostly reactive process where they would have to physically pull the image off the hard drive and bring it back to the forensics lab for analysis. With the AccessData agent, they are able to complete this task remotely and automatically.
After using FTK Enterprise for more than a year, they report that the transition was easy. They note how easy it was to work with AccessData from negotiation through implementation, and value the close communication with our team. They also loved the agents being bundled into the total product price, as opposed to being an additional fee as required by their previous vendor.
The team saw additional value when it came time to determine how much of an issue the retirement of Adobe® Flash was going to be. They used FTK Enterprise to search through each workstation, pulling timestamps of the application’s last use date. They also plan to use FTK Enterprise for an upcoming software inventory.
Looking Forward
As the evolution of their new solution continues, the hospital sytsem is interested in exploring the AccessData API to enhance their Splunk workflow. When an alarm is triggered in Splunk® or other cyber platform, an alert can be received by FTK Enterprise, which initiates a collection job at a designated endpoint based on pre-defined collection criteria. This maximizes the speed of incident response and initiates the immediate preservation of electronic evidence that could prove crucial in the digital investigation.
Conclusion
FTK Enterprise is a solution that provides deep visibility into live data directly at the endpoint which helps to conduct faster, more targeted enterprise-wide internal investigations, including post-breach, HR and regulatory, all in a single, robust solution. FTK Enterprise allows users to respond quickly, remotely and covertly while maintaining chain of custody, and facilitate focused forensic investigations and post-breach analysis, without interruption to business operations.