Pacific Dental Services secures access to clinical resources for over 900 dental practices

Dental Support Organization Protects Thousands of Team Members and Clinicians Across the U.S. with CyberArk

Summary

The protection of thousands of patients, over 900 dental practices, and 14,000 team members across the U.S. used to weigh heavily on the mind of Nemi George, VP & CISO, Information Security at Pacific Dental Services, a leading dental support organization (DSO). Privileged accounts were difficult to manage and control, passwords were written down in a spreadsheet and admin rights remained on some mobile devices for years. Fast forward to the rollout of CyberArk. Now George has detailed insights into his environment, access and credentials are secure, and patient information is protected while users are enjoying a frictionless experience accessing the resources they need to do their jobs.

Company profile

Founded in 1994, Pacific Dental Services (PDS) is one of the nation’s leading dental support organizations, providing business services, support staff, training and education, IT and products to enable dentists to concentrate on clinical excellence and the highest levels of comprehensive patient care. PDS supports over 900 dental offices across 25 states. The company has been on the Inc. 5000 list of the fastest growing privately held companies in America 14 times.

Employees: 14,000

Challenges

Surprisingly, one of the most prolific cybersecurity issues that the company faced was not cyberattacks but rather misconfiguration, according to Nemi George, VP & CISO, Information Security at Pacific Dental Services.

“Everyone talks about hackers, breaches, and other cyber threats. But when you strip it down, most incidents start with you doing things wrong. I read recently that 82% of all cybersecurity incidents result from misconfigurations,” shared George. “But, in the middle of the night, what eats away at me is ransomware. I work in healthcare, and the impact would be severe.”

PDS is one of the largest dental support organizations in the U.S., delivering a wide range of essential operational, business, and IT services to over 900 dental practices coast-to-coast. PDS is responsible for protecting the personal and sensitive healthcare information of dentists and their patients across the country as well as 4,000 corporate and 10,000 practice-based team members.

The problem facing George was how to control this large, dispersed and growing number of privileged accounts, passwords and mobile devices.

Geographically dispersed teams all having high privileged access compounded the problem. In addition, users were logging into accounts and services with fixed credentials and there was no way to regulate or monitor this activity. PDS team members have access to approximately 20,000 clinical service websites. At one time, passwords for these sites were recorded on an intranet-hosted spreadsheet. “Apart from the obvious security issue here, I had to deal with an even bigger problem,” recalled George. “Passwords were easily mistyped or even deleted and as one person reset a password, someone else 5,000 miles away was doing the same thing. It was a chaotic situation.”

In addition, PDS manages over 5,000 laptops and mobile devices for team members based at their National Support Offices and a good number of remote / mobile team members. Admin rights were being granted, often for basic things like installing a web camera or updating a driver. Users who didn’t have local admin rights had to contact the IT Service Desk for something that should normally only take a few minutes. But then those admin accounts would stay with the device, sometimes for years. If any one of those accounts was compromised, an attacker could access and move laterally across the environment.

PDS needed a better way to monitor and manage user access across this environment.

Solutions

To better manage its own business and deliver online services and resources to its supported dental practices, PDS was looking for a cloud-first strategy and needed to transition from its legacy, on-premises environment. After an extensive review of various solutions, PDS decided to partner with CyberArk.

“CyberArk has been the market leader for some time,” stated George. “I found that other vendors were often going through various acquisitions and mergers. CyberArk is stable, and that was important to us as we were selecting and investing in a security partner.”

In line with its cloud-first strategy, PDS has migrated from CyberArk Privilege Self-Hosted to CyberArk Privilege Cloud. “We went from on-premises to cloud, and as an administrator, the difference was night and day,” added Tim Stranak, Security Architect at PDS. “Switching over to Privilege Cloud was the best choice we have made because it is so easy to use, and it removed many manual processes.”
PDS has deployed a CyberArk solution comprising three applications:

  • CyberArk Privilege Cloud is used by 2,000 IT staff to access various devices and applications.
  • CyberArk Workforce Password Management securely stores and manages credentials for approximately 20,000 provider websites and online services.
  • CyberArk Endpoint Privilege Manager is installed on 5,000 laptops and roaming devices used by corporate staff and those working in supported dental practices.

PDS is also starting to manage, rotate and secure secrets used by applications by implementing CyberArk Secrets Manager. This allows the company to centrally secure all human and non-human identities with one Identity Security platform, keep applications and automation tools secure and reduce complexity and burden on developers. PDS used CyberArk Consulting Services along with the CyberArk Jump Start, CyberArk Blueprint and CyberArk Customer Success Manager toolkits to complete a fast, efficient and successful implementation.

To accomplish this, PDS established a strong working partnership with CyberArk. “In technology, nothing is perfect, and things break, but the most important thing is the willingness of a partner to work with you to correct the issue,” explained George. “With CyberArk, we are able to build on the fly. They understand us and our business, and that is worth its weight in gold.”

Results

“For me, CyberArk is vital. If I take my security stack and look at the top three vendors we use, CyberArk is right up there,” said George.

“Knowing I can manage privileges and passwords and do so at scale without impacting the business is one of the biggest benefits I get from CyberArk.”
Nemi George, VP & CISO, Information Security at Pacific Dental Services

CyberArk provides a clear and accurate picture of all the privileged accounts across PDS’ environment. The solution makes it easy to know which accounts are privileged, what those privileges are and all the dependencies. CyberArk enforces a level of discipline that would be difficult to instill in the business otherwise. “A tool like CyberArk allows us to implement strong security policies but also to make those practices easy, so people can work without security getting in the way,” added George. “It also gives us the ability to do full audit and replay sessions and incidents step-by-step.”

CyberArk Workforce Password Management has replaced the password spreadsheet. Integrated with Okta single sign-on service, it helps users gain instant access to all the websites they are entitled to use and securely share passwords internally. With CyberArk Endpoint Privilege Manager, PDS has removed the need to give everyone admin rights individually for an endpoint. Instead, just- in-time access is granted for a specific task and then removed, protecting the device and whole business from attack, without restricting the user.

George is also getting positive feedback on the impact of CyberArk from team members with comments like: “I am loving this! The ease of sign-in and navigating the titles is very efficient.” “I am thoroughly excited as this makes some of our processes streamlined and easier,” and “I found this to be very helpful, and I am excited for the future with CyberArk.”
In addition to better security and operational improvements, CyberArk helps reduce insurance costs. “In cyber insurance, privilege escalation is far and away the most significant reason why premiums are so elevated,” posited George.

“Having CyberArk is an effective control to show that we manage privileges well and combined with other solutions like multifactor authentication, we are able to get our premiums to an affordable level.”
Nemi George, VP & CISO, Information Security at Pacific Dental Services

Because PDS operates in the healthcare sector, it is governed by HIPAA (the Health Insurance Portability and Accountability Act of 1996), a law that protects sensitive patient health information. CyberArk helps PDS meet HIPAA standards for managing privileged access.

CyberArk also benefits PDS-supported dentists and their patients. As well as building a more secure environment, providers experience less downtime when accessing clinical resources, productivity increases and more time can be spent on patient care. “When a patient walks into one of our supported practices, they are not left waiting and worrying whether their dental insurance premiums will be paid. CyberArk makes the overall patient experience better, and that is a high priority,” concluded George.

Key benefits

  • Helps dentists increase productivity and spend more time on patient care.
  • Provides a clear and accurate picture of all privileged accounts.
  • Makes it easy for users to login to all apps without remembering or keeping track of their passwords.
  • Enables strong security processes without impeding productivity.
  • Reduces cyber insurance costs.
  • Meets HIPAA standards for protecting patient healthcare information.
  • Generates positive feedback from users.

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey