June 24, 2013, Toronto, Canada – Messageware, (http://www.messageware.com), the world’s leading provider of enterprise security, productivity and customization solutions for Microsoft Office Outlook Web App (OWA), today announced that the United States’ fifth largest hospital system, Dignity Health, has selected Messageware OWA Guard to solve a variety of OWA security concerns.
Community hospitals today are facing great challenges given increasing uninsured and underinsured patients, rising healthcare costs and increased governmental regulations and oversight. With roots in the Catholic tradition of providing healthcare services for the poor, California-based Dignity Health is no exception.
The fifth largest hospital system in the nation and the largest not-for-profit hospital provider in California, Dignity Health lives up to its name everyday through a range of services, including urgent care, ambulatory surgery, imaging, home care, hospital and laboratory services. Considered to be a bedrock in the Arizona, California and Nevada communities they serve, this non-profit health system consisting of 39 hospitals and 250 ancillary care sites has a rich history of providing affordable care to those in need, including a large immigrant population.
Given their need to do more with less and a largely mobile staff base, Dignity Health relies on Outlook Web App (OWA) for anytime, anywhere email access. Nearly a third of their 60,000 employees, mainly doctors and nurses, count on OWA to help deliver patient care everyday as they work at command stations on computers shared with their colleagues. Dignity employees access OWA through a public-facing link on the organizations web site to work with staff members to coordinate care, access patient test results and much more. The OWA link is accessible by anyone on the Dignity Health site, a potential security exposure they would like to protect.
Following an upgrade to Microsoft Exchange Server 2007 and a re-architecture of their entire messaging environment, the organization began to grow concerned about the security risks and the HIPAA ramifications of exposing their email system publicly over the internet. They wanted to provide easy access for their users, but not at the expense of patient information. Over the last three years, Dignity had come to rely on Messageware to secure OWA attachments and restrict idle time, so it only made sense that they would turn to Messageware again to cure their logon security concerns.
“We wanted to continue to make it easy for our users to get the information they need quickly, but realized we also needed to be more proactive about preventing potential hackers and brute force attacks,” said Albert Madruga, Exchange Engineer for Dignity Health.
After looking at a number of different solutions, Dignity Health chose Messageware OWA Guard for logon security and analytics. OWA Guard is the first security product that is designed specifically to protect OWA users and their businesses from a variety of logon and password attacks, and to empower administrators with vital and timely information regarding the security health of their OWA Exchange infrastructure.
OWA Guard applies advanced sign-on security measures to provide both users and administrators with the information and tools they need to ensure the integrity of their users’ accounts and the corporation’s data. Dignity Health now has what they need: dynamic CAPTCHA, customizable logon policies and security checks, analytical reporting services, geo-blocking, the ability to generate automatic alerts and track and record all logon activity and much more.
“One of the reasons we went with OWA Guard is that we liked being able to see and log the activity,” said Madruga. “We could have added a simple CAPTCHA, but we liked the whole package of being able to geoblock and create reports.”
Soon after purchasing OWA Guard, Dignity installed it on all of their external facing CAS servers so they would have uniform interface and functionality, and could create both summary level and detailed reports to see where connections are coming from, which logins are failing and why. There were a few bumps in the road, which Dignity believes was largely due to their platform. “Messageware was great about working with us to fix everything and by January we were fully up and running,” said Madruga.
Over the last four months, Madruga has been checking the OWA Guard security logs daily and delving into the product’s robust reporting several times a week. “The reporting does what it’s supposed to do. We have users who complain they can’t login to OWA and every time we are able to pinpoint that it’s because they are using the wrong password,” he said. “It’s also been interesting for us to see things that are trending so that we can anticipate if a security breach is likely to happen.”
As a regional healthcare provider, geoblocking has also been incredibly helpful. The company is currently blocking any traffic from countries and continents that are known for spamming, including Russia, China, Korea and the Middle East. “Because we are a regional company, it’s not often that we do business with companies outside of the states in which we operate,” said Madruga. As such, the company envisions a time when they can fine-tune their geoblocking and minimize their risk even more.
“Peace of mind that we are protecting patient information and ensuring we are meeting regulations is important to us and we have both of those with OWA Guard,” said Madruga.