Location: Dallas, TX
Protected Mailboxes: 8,000
Phishing for Patient Data Among Healthcare Providers
Credential phishing scammers target healthcare organizations for patient data. The resulting data breaches are the costliest of any industry—$9.23 million on average in 2021, up 29.5% from 2020 per the Ponemon Institute.
Since deployment, Abnormal has prevented hundreds of credential phishing attacks, resulting in zero compromised accounts, to date.
Prioritizing Exceptional Patient Care and Seamless Security
As one of the largest home care providers in the United States, Elara Caring serves patients with skilled nursing, behavioral health, palliative, hospice, and personal care services. “Patients and families usually prefer home healthcare because they don’t have to go somewhere unfamiliar. They’re more comfortable and can heal faster at home,” states Eric Bowerman, Chief Information Security Officer. “Easier access drives our mission to be a single source of holistic home care.”
To serve 60,000+ patients across 16 states, Elara Caring navigates a mosaic of state and federal data privacy regulations, including HIPAA. Elara Caring also operates in a competitive talent market. “The healthcare industry has significant turnover, and outdated technology can interfere with a good employee experience. On the cybersecurity team, we have the opportunity to make security more seamless, which can make work less stressful and more enjoyable,” Bowerman said. For example, email security that stops phishing emails reliably spares employees from the stress of assessing and reporting potential threats.
Healthcare has the highest data breach costs of any industry, according to the Ponemon Institute. According to the 2022 Healthcare Information and Management Systems Society report, phishing caused 45% of significant security incidents over the last year. When Bowerman joined Elara Caring as its CISO in mid-2021, he saw employees struggle to sort authentic messages from email attacks, showcasing how this threat was impacting the company. He knew there was a better solution to protect patient data and improve the employee experience.
“For our clinical professionals in the field, Abnormal reduces the number of daily questionable email interactions, so they’re free to focus their attention on quality patient care instead of worrying about getting phished.”
—Eric Bowerman, Chief Information Security Officer
Elara Caring Needed Stronger Safeguards To Support Caregivers and Protect Patient Data
“Most of the security applications and tools we’ve acquired focus on making it easier for our caregivers in the field to care for our patients,” Bowerman said. “Our goal is to reduce stress for our field users, like worrying if it’s safe to click on an email they’ve received.”
Microsoft 365 email security caught basic threats, but the company’s secure email gateway was letting advanced threats reach employee mailboxes. “When we added Abnormal Integrated Cloud Email Security (ICES), we liked the fact that it blocked the advanced threats that were trying to phish someone’s credentials or money,” Bowerman said.
Abnormal ICES also solved another employee experience problem for Elara Caring. “Our secure email gateway delivered a digest every six hours. In some cases, employees needed to get one-time passwords via email to access systems in the field. Those passwords are usually only good for a short time and there was no way to release those messages faster. Now, they can manage that access themselves, so it’s a better, more efficient experience.”
Less Stress for Employees, Executives, and the Security Team
The inbox security improvements that Abnormal delivered also helped reduce executive leadership worries about data breaches that could expose patient data and lead to expensive regulatory penalties and remediation costs. “We are required to comply with HIPAA data protection rules, and protecting our patients’ information is always a top priority,” Bowerman said. “Abnormal helps us do that.”
While credential phishing accounted for half of the advanced threats detected by Abnormal, ICES also detected attempts to trick the payroll team into diverting paychecks to fraudsters’ accounts, and business email compromise attacks that impersonated company leaders. “With hundreds of attacks stopped by Abnormal within the first 90 days alone, I no longer worry about our people clicking on the wrong thing or corresponding with a threat actor,” Bowerman said.
Elara Caring Is More Efficient and Maintains Compliance With Abnormal ICES
When Bowerman and his team saw how many threats Abnormal found that their other layers of email security had missed, it was a lightbulb moment. “We were ready to turn it on the next day. Abnormal provided a simple setup and ease of use that was a huge value to our operations staff because we don’t have time for a week of training for a new email security solution.” Abnormal also freed Bowerman’s team to decommission their secure email gateway, which saves money in the long run.
Abnormal ICES has reduced employees’ stress about their inboxes, improving their caregiving experience to support retention. “It also saves time,” Bowerman said. “Before, employees had to report each suspicious email. Even five minutes a day is 25 or 30 wasted minutes a week per inbox. Now our caregivers can focus on their work, not distractions.”
With Abnormal, Elara Caring is better protected from expensive, trust-breaking data breaches, payroll fraud, and ransomware attacks, so the company is also less vulnerable to data privacy compliance violations. “That’s critical to the executive leadership team and the day-to-day work experience,” Bowerman stated. “The threat from phishing was always in our face. Now it’s solved with Abnormal’s dependable solution.”
“Being able to fully protect our executives and all of our employees with Abnormal Integrated Cloud Email Security has been a huge win in terms of security, efficiency, and email user experience.”
—Eric Bowerman, Chief Information Security Officer
Abnormal Enables Elara Caring To Focus On Patient Care and Data Privacy
With Abnormal ICES catching advanced threats that evade traditional secure email gateways, everyone from front-line caregivers to the executive team worries less about email’s potential impact on patient care. “I feel confident now with Microsoft Defender, Abnormal ICES, and good endpoint security,” Bowerman said.
He’s also confident that Abnormal will help him reach his employee and patient experience goals. “I can get a product from anybody. I need a partner we can trust to do the right thing for us. That’s the experience we’ve had with Abnormal.”