Customer stories

Banner Health

Banner Health transforms information discovery and security with OpenText EnCase solutions. Nonprofit healthcare provider employs OpenText EnCase Information Assurance (formerly EnCase eDiscovery) and OpenText EnCase Endpoint Investigator to accelerate eDiscovery processes and data security

Challenges

  • Existing system couldn’t meet rising cybersecurity threats and litigation needs
  • Time-consuming manual processes slowed eDiscovery data collection
  • Lengthy delays in investigations hampered incident response

Results

  • Accelerates eDiscovery to defensibly collect data across the enterprise

  • Enables a comprehensive approach to rapid incident management and response

  • Increases efficiency, productivity and time savings

Story

Although they operate far from the emergency room, Banner Health’s Cyber Incident Management & Forensics team supports the organization’s commitment to patient care through the innovative use of OpenText™ EnCase™ Information Assurance and OpenText™ EnCase™ Endpoint Investigator. From data security incident response to compliance with legal requests for electronic information (eDiscovery), the team is entrusted with managing and protecting the company’s data. With both cybersecurity threats and litigation on the rise, Banner Health determined its existing systems could not meet the company’s increasingly critical needs and sought other methods to accelerate data security response.

A nurse showing something to a patient on a laptop.

We already had OpenText EnCase eDiscovery as a forensic solution. While we considered opportunities with other products, ultimately we came right back to OpenText. With OpenText EnCase Endpoint Investigator, we partnered with an organization whose product had a proven track record.

Sam E. Buhrow
Director of Cyber Incident Management & Forensics, Banner Health

“Our top priority is always our patients’ healthcare and their right to data security protection. We go to extremes to vet any new technology to make sure it is safe, because we are dealing with collecting data that could affect the patient,” said Sam E. Buhrow, director of Cyber Incident Management & Forensics at Banner Health. “We already had OpenText EnCase eDiscovery as a forensic solution. While we considered opportunities with other products, ultimately we came right back to OpenText. With OpenText EnCase Endpoint Investigator, we partnered with an organization whose product had a proven track record.”

EnCase Information Assurance provides Banner Health with 360-degree visibility across all endpoints, devices and networks to enable forensically sound data collection for litigation. The automated solution allows the company to collect and preserve potentially relevant data from multiple data sources, with a process that ensures strict chain of custody and executes legal hold in a defensible manner.

In addition, EnCase Endpoint Investigator, supported by OpenText Professional Services consultants, collects and analyzes data for incident response and investigation. When a security alert is received, the solution’s advanced digital forensic tools collects relevant data to quickly assess the situation and respond accordingly. “When an alert comes in, my team will use OpenText EnCase Endpoint Investigator to collect memory, look at the state of the systems and try to find any indication of compromise. We are able to quickly triage and determine if this is an actual security event,” Buhrow said.

Automating and accelerating many time-consuming processes, such as information collection, enables Banner Health to significantly improve its efficiency across all fronts. For example, the team has dramatically reduced incident response times for eDiscovery requests. “With OpenText EnCase Information Assurance, the time to collect and provide data for third-party requests dropped from three to four weeks down to six hours,” Buhrow reported.

Investigation and incident resolution has seen equally remarkable improvements. EnCase Information Assurance, supported by the expertise of Professional Services, provides immediate and thorough digital investigations. They search, collect, preserve and analyze data from anywhere on the corporate network.

“With incident responses in the past, it could take up to one week to pull the information, parse it and demonstrate in an understandable format that a security event had happened. By using OpenText EnCase Endpoint Investigator, we are able to pull those assets together very quickly,” Buhrow explained. “In a recent HR investigation, my team gave HR a full report with everything they needed in four hours. The amount of time that the OpenText solution saves has been dramatic.”

With OpenText EnCase Information Assurance, the time to collect and provide data for thirdparty requests has dropped from three to four weeks down to six hours.

Sam E. Buhrow
Director of Cyber Incident Management & Forensics, Banner Health

Looking at past metrics, Buhrow noted that some investigations and incident responses were often still unresolved at the 30- or even 60-day mark: “If you have an incident that’s still open after 30 days, that is cause for concern. With OpenText EnCase Endpoint Investigator, we have gone from 60-day and 90-day resolutions down to 30 days or less.” This newfound efficiency not only results in faster responses to requests and incidents, it also bolsters the team’s reputation with stakeholders, such as HR and legal. “The faster we can provide a response to our internal customers, the more confidence they have that when something big and bad happens, we are able to urgently identify and resolve the issue,” Buhrow said.

During a recent incident response, the team rapidly pulled information and triaged the situation. Within an hour and a half, they had a working theory as to the nature of the incident, which caught the attention of executives, reported Buhrow. “We had senior leadership saying, ‘Wow, we have the right people with the right tools.’ They just could not believe the results with OpenText. The last time a similar incident happened, it took nearly six days before they were able to resolve it.”

Banner Health credits the success of the solution in part to the valued partnership with Professional Services, which helps the company get the most out of the OpenText EnCase solutions. By leveraging the expertise of Professional Services, the team developed processes, playbooks and tools to accelerate incident response and maximize efficiency. “OpenText has really been very valuable to us. To have OpenText Professional Services support us and be a trusted partner is a real value,” Buhrow noted.

About Banner Health

Headquartered in Phoenix, Arizona, Banner Health is one of the largest nonprofit healthcare systems in the U.S., with close to 500 medical facilities across six states, including hospitals, urgent care facilities and rehabilitation centers. In a single year, Banner Health sees more than a million emergency room visits, runs close to five million blood tests and delivers more than 30,000 babies.