SYMMETRY CUSTOMER CASE STUDY

Top Healthcare RCM Company Enhances PHI Safeguards with Symmetry

ABOUT


Industry:
Healthcare, Fintech


Size:
10K+ Employees


Cloud Services:
AWS

    • Azure Blob Storage
    • Microsoft SQL
    • Amazon S3
    • DynamoDB
    • MySQL
    • Snowflake
    • Cosmos DB
    • OneDrive
    • MongoDB

ABOUT CUSTOMER


A leading provider of revenue cycle management services helps healthcare organizations optimize their financial operations. By leveraging technology, they streamline processes such as billing, claims management, patient scheduling, and financial counseling. 
Their goal is to improve operational efficiency, reduce costs, and enhance the overall patient experience.

The Challenge:

Data Sprawl and Privilege Creep from Aggressive M&A

In the complex landscape of healthcare financial operations, our client, a leading revenue cycle management provider, found itself wrestling with a critical data sprawl problem. Years of aggressive acquisitions had created a sprawling, fragmented spaghetti web of permissions to their data, riddled with least privilege challenges. Legacy data classification tools were failing to extend to the cloud environments they used and to scale, leaving the organization exposed to significant risks of PHI and PCI data breaches.

Key challenges included:

  • Data Sprawl and Privilege Creep: Addressing fragmented data stores and a mess of permissions from multiple acquisitions, most notably multiple Microsoft 365 consolidations that left sensitive information accessible to a much broader audience than needed.
  • Regulatory Compliance: Ensuring alignment with HIPAA and PCI DSS 4.0, particularly the continuous monitoring and validation requirements.
  • Comprehensive Visibility: Lack of detailed insights into data flows, access patterns, and the status of sensitive assets across a wide range of data stores.

The Goal:

Visibility AND Control of “Who has Access to PHI”

Beyond traditional data classification, the organization sought a holistic data security strategy that would transform their approach to sensitive information management. Their vision extended far beyond simple discovery and classification: they needed a solution capable of proactively identifying, monitoring, and mitigating complex data risks.

The goal was comprehensive – to create a robust framework that could:

  • Discover unknown data stores and identities,
  • Drive least privilege across their environment,
  • Detect anomalous usage patterns,
  • Identify and help manage privileged access,
  • Not introduce additional compliance headaches by transferring data outside the compliance boundary, and
  • Provide real-time insights into potential data exfiltration risks.

This required a sophisticated approach to tracking both internal data flows and identifying third-party access, ensuring complete visibility and control across their increasingly complex digital ecosystem.

 
The Choice

Why Symmetry:

What made Symmetry the Right Choice?

The healthcare organization selected Symmetry Systems’ DSPM platform to address the critical shortcomings of legacy data classification tools, which struggled with poor accuracy, limited hybrid cloud coverage, and excessive manual overhead. Symmetry’s innovative solution provided a comprehensive, healthcare-optimized approach that transformed the organization’s data security posture.

  • Unmatched Classification Accuracy: Symmetry excelled at identifying and classifying complex healthcare data types during the proof of concept. Benchmarking indicates Symmetry’s classification accuracy consistently outperforms other tools, reducing false positives and uncovering previously undetected sensitive data.
  • Deployment Within the Customer’s Environment: Symmetry’s solution was able to operate entirely within the customer’s environment, thereby inheriting all existing production controls and ensuring uncompromised data security. This approach aligned with the organization’s stringent security and compliance requirements for Personal Health Information (PHI).
  • Comprehensive Coverage: Symmetry was able to cover the majority of the customer’s data stores, identity providers, and log sources out of the box.
  • Exceptional Customer Support: Symmetry’s dedicated customer success team provided hands-on guidance throughout deployment and beyond, offering rapid response times and customized support to address the organization’s unique challenges. This proactive partnership ensured the organization maximized the value of the DSPM platform.
  • Enhanced Visibility and Insights: Detailed analysis of data access patterns provided the organization with unparalleled visibility, enabling proactive risk mitigation and faster incident response.

These features made Symmetry an ideal partner for improving the company’s data security posture while addressing the specific challenges posed by PHI.

The Outcomes: PCI DSS 4.0 Ready & Cost Savings in the Bank

Symmetry’s DSPM solution delivered measurable results, transforming the organization’s understanding of their cloud environment and identities, enhancing their security posture, and supporting future strategic initiatives.

Environmental Visibility

Symmetry uncovered critical gaps in the security team’s knowledge of the organization’s cloud infrastructure, providing a comprehensive inventory of the cloud environment’s data stores and associated risks, including:

  • Identified 40 previously unknown internal accounts introduced through a recent acquisition.

Data Discovery and Inventory

Symmetry enabled the organization to uncover unknown accounts, data stores, and identities, reconstructing historical data flows to gain a complete inventory of data. This led to improved oversight and coverage of data stores across their environment:

Management of Non-Human Identities

Symmetry provided new insight into the organization’s use of non-human identities, specifically service accounts, shedding light on usage and operations and highlighting areas of risk and inefficiency:

  • Discovered 95 service accounts associated with an outdated and unused domain, highlighting overlooked security gaps.
  • Found 190 dormant service accounts inactive for over a year, posing unnecessary risk and signaling a need for improved lifecycle management.

These findings enabled them to take targeted actions to reduce risk, streamline operations, and improve overall security practices.

Reduction of Attack Surface

Symmetry’s analysis revealed over-permissioned access:

  • Detected 659 excessively shared SharePoint files, some containing sensitive data, which increased the organization’s exposure.
  • Enabled the reduction of access to over 5K files containing PHI, aligning the organization’s data management practices with security goals.
  • Identified dormant users with access to sensitive data, including PHI.

“Although it didn’t get the internal publicity of Netskope or Crowdstrike, Symmetry is just as important as the roll out of these tools if not bigger.”

CISO at Top Healthcare RCM Company

About Symmetry Systems

Symmetry Systems is the Data+AI Security Company. We safeguard data at scale, detect threats, ensure compliance & reduce AI risks, so you can Innovate with Confidence. Our Data Security Posture Management platform is engineered specifically to address modern data security and privacy challenges at scale from the data out, providing organizations the ability to innovate with confidence. With total visibility into what data you have, where it lives, who can access it, and how it’s being used, Symmetry safeguards your organization’s data from misuse, insider threats, and cybercriminals, as well as unintended exposure of sensitive IP and personal information through use of generative AI technologies.
