X

Due to the nature of its business, Trusource has access to vast client databases housing personally identifiable information for tens of thousands of individuals. That means a security breach could have devastating consequences, so the company is always concerned about email security and phishing attacks. With global clients representing a broad range of industries, including healthcare and financial services, Trusource must ensure compliance with a whole spectrum of regulations in its handling of client data. What’s more, as a rapidly growing business that ramps up quickly during seasonal periods, its IT team must always be wary of potential malicious actors among its own workforce. For these reasons and others, Trusource knew it needed more than the endpoint and firewall protection it had in place. It sought an all-encompassing security solution that could defend against potential threats anywhere and anytime, without exhausting its existing IT staff and resources. Trusource considered building a security operations center (SOC) internally, but in the end decided a SOC-as-a-service solution was the best choice.

Most security vendors focus on Internet and network perimeter defense, but in today’s threat environment that is not enough. Security experts agree that the best strategy is not to assume that you can keep breaches from happening, but to have a robust detection and response program in place for when a breach occurs. Mobile workers and the Internet of Things have increased the attack surface exponentially, and there is no way to ensure that bad actors will not find a way into a company’s network. Many enterprises have realized this and rely on a security operations center (SOC) for end-to-end security. As cybercriminals have become more sophisticated, SOCs have become an essential part of modern cybersecurity. However, SOCs are complex and costly, often costing companies millions of dollars. Large enterprises enjoy the luxury of a large budget to support this cost, but SMBs and smaller enterprises do not, yet they face many of the same security, audit and compliance challenges. Centre understood this market dynamic and realized that a more comprehensive SOC service would be the best solution for its customers and differentiate them in the market.

Jackson Parish Hospital faced significant challenges in managing its IT infrastructure and ensuring cybersecurity. With limited IT resources and expertise, the hospital struggled to monitor a diverse environment that included endpoints, physical and virtual servers, and cloud services. Compliance with HIPAA and PCI DSS was also a critical requirement. The hospital's IT infrastructure was outdated, and there was a lack of comprehensive visibility and documentation. Dr. Jason Thomas, the COO and CIO, recognized the need for a solution that could provide visibility, ensure compliance, and proactively address cybersecurity threats.

Valley Strong Credit Union faced significant challenges in maintaining visibility across a diverse IT environment, monitoring and responding to security incidents, and locating, training, and retaining IT and security expertise. The credit union's IT infrastructure includes over 600 workstations, nearly 200 servers, and various IP phones, routers, switches, and access points. The 36-member IT team, including a small team of security specialists, struggled to protect member data and oversee the diverse environment. Additionally, the technology hubs of Southern California and Silicon Valley attracted much of the local talent, making it difficult for Valley Strong to find and retain skilled IT professionals. The credit union initially tried to monitor its environment internally and later engaged Dell SecureWorks as a managed security service provider (MSSP). However, SecureWorks could not meet Valley Strong's security requirements or provide the necessary business flexibility.

Prior to considering a managed detection and response solution, the company had no comprehensive approach to holistically monitor infrastructure or glean security insights from log data generated by its various IT systems. Its IT team had a small set of internal monitoring tools to monitor specific systems, but knew it lacked visibility and risked missing significant threats. According to an information security manager for the firm: “We told the board we had to improve how we monitored the environment. In particular, we needed to be more responsive to threats and to the unique nature of AWS environments.” The firm considered various options. The choices narrowed down to: (1) Establishing their own security operations center (SOC) on-premises using a LogRhythm security information and event management (SIEM) platform or (2) Leveraging a managed security service offering. It didn’t take long, however, to realize that going the LogRhythm route and then needing to hire a dedicated staff to run an inhouse SOC was cost-prohibitive. This remained true even when considering a LogRhythm SIEM co-managed through a third party. The firm then evaluated the managed security service provider (MSSP) model from AT&T, but found the AT&T offering lacked the “named” team provided by Arctic Wolf and might not provide the necessary attention to the company’s needs.

Roper Pump faced significant challenges in managing and securing a diverse and distributed network. The company lacked visibility into its infrastructure, which included over 300 workstations, 125 servers, and AWS cloud infrastructure. Additionally, the IT team was constrained by limited resources and needed to satisfy risk management questionnaires from strategic customers. The increasing threat environment and the need to protect valuable intellectual property further complicated the situation. The company required a comprehensive solution to monitor its infrastructure and gather security insights from log data generated by its various IT systems.

Steptoe and Johnson LLP faced significant cybersecurity challenges, including incomplete security coverage at their internet gateways, non-actionable log information, and an overstretched security team. The firm needed to protect critical client data across multiple countries and offices, which required robust security measures. Their existing SIEM was not properly tuned and functioned more like a spam relay, making it difficult to manage the increasing digital risks and threats effectively.

Agero, a leading provider of digital driver assistance services, faced significant challenges as it transitioned to operating nearly 100% in the cloud. The company needed to secure its extensive AWS environment, which included services like AWS Lambda, AWS DynamoDB, Amazon S3, Kinesis, and Amazon Redshift. With over 150 engineers working in this environment, the complexity of managing security and eliminating vulnerabilities increased. Agero required a solution that could provide 24x7 monitoring and detection, integrate with existing security tools, and offer comprehensive visibility across its network. The company also faced the challenge of recruiting and training a large number of security experts to manage a 24x7 security operations center, which was both time-consuming and resource-intensive.

When it comes to data security, architectural and engineering firm DLZ doesn’t have room for error. Due to its frequent collaboration with federal agencies on a range of vital infrastructure projects—including designing national border walls, courthouses, and federal dams—DLZ is responsible for securely storing hundreds of design documents that carry a controlled unclassified information (CUI) designation. For this reason, when DLZ’s IT team first noticed suspicious network activity early one Monday when a ransomware attack was launched, they quickly acted. DLZ’s IT team noticed the ransomware attack quickly enough to shut down the network and stop it from becoming a full-fledged assault. But the unnerving experience was more than enough motivation for Seaver and his team to explore security operations solutions that would help further protect the firm from this type of situation, as well as other potential security risks, in the future. Finding a managed solution that would help the organization uncover vulnerabilities and immediately alert DLZ’s IT team at the earliest sign of a potential threat was essential. Additionally, the firm sought always-on 24x7 monitoring that would continually track and assess cyberthreats, especially during nights and weekends when the IT team was out of the office. What’s more, DLZ hoped to find a managed detection and response (MDR) tool that would seamlessly integrate with the Mimecast, Zscaler, and CrowdStrike security tools it was already using.

Beyond saving lives and improving patient quality of life, the healthcare industry faces another daunting task—safeguarding patient data, business operations, and revenue from today’s cybercriminals. As cyberattacks in healthcare become more sophisticated, hospitals will face increased exposure to malpractice claims and potential lawsuits, according to Moody’s Investor Service. The situation is especially difficult for smaller healthcare providers that lack the financial means to weather a data breach. Many of these providers haven’t invested in the kind of technology that can improve their security posture against the growing legion of threat actors. Gifford Health Care knows this situation well. After learning of a breach at a large nearby university health system—and tens of millions of dollars in fines as a result—Gifford’s security team knew it was time to act before they also found themselves on the receiving end of a devastating cyberattack.

While the collections industry continues to grow due to the increase in debt, that growth has spurred greater competition and produced debt-savvy consumers who are adept at subverting collections efforts. These trends combine to drive down margins, increase operating expenses and lower contingency fees, thereby making it essential for agencies to work smarter and more decisively to locate debtors and recover delinquent debt. As Midpoint reviewed the market, and its prospects for growth, it knew that success hinged on identifying and employing the right research and skiptracing tools. Midpoint already subscribed to a pair of competitive solutions to aid its skip-tracing work and identify Right Party Contacts (RPCs), including LexisNexis® Accurint® for Collections. Accurint for Collections provides collections agencies with comprehensive data on people, businesses and assets. The solution aggregates data from thousands of sources and features advanced link analysis technology to deliver the answers collections agencies need to locate debtors and shorten the collection cycle. Over the years Midpoint had fallen into the habit of minimizing usage of Accurint for Collections in favor of Acxiom® Insight. In early 2007, they decided to test the two systems to determine which solution was the right tool to stimulate and support growth.

Each individual case is unique; there are many levels and layers and myriad possibilities in an investigation. Many times, multiple individuals must be tracked using only one Social Security number. Individuals at times do not want to be found, and investigations where an individual owes money are even more challenging. Sometimes, delinquent individuals are not even aware of the fact that they owe money. In other instances, the agency is holding money in escrow and the person or family to whom it is owed—the custodial mother in most cases—has moved and needs to be located. In other cases, a welfare differential needs to be reconciled with another state where laws may have changed and money is owed to a family. Verification does not end with address data; when large sums of money are involved, investigators need to speak with an individual in order to prevent fraud. This entails finding valid phone numbers or physical visits. Also, improper verifications can result in misidentifications of innocent people, and can have serious ramifications for the Department as well as the subjects, who may have papers served on them or may be arrested. No matter what the activity, the focus is on what is in the best interest of the children the Department serves.

The investigation into Isadore Pacht's homicide was stalled early due to a lack of cooperation from a key witness and the inability to locate another crucial witness who had relocated. Over the years, the case was periodically reviewed but with no new leads, it remained unsolved. In 2005, the case was reassigned to the Cold Case Squad by the Bronx County District Attorney’s Office at the request of the Governor's Office. Detectives faced significant challenges, including the lack of forensic evidence and the difficulty in locating witnesses due to incomplete records.

The compliance professionals at the Philips Healthcare division were vetting solutions to comply with the U.S. Physician Payment Sunshine Act, as well as state-level reporting. Their existing manual process to address the requirements of Vermont and Massachusetts state transparency laws was inefficient and cumbersome. Whatever solution the team decided upon, they understood that the quality of their customer data would impact compliance. Given the complexity and expense of managing customer data in-house, they approached LexisNexis® and several other vendors. The priorities were the following: Compliance - Improve the quality, depth and breadth of their customer master, which served as the foundation for regulatory reporting. Customer Satisfaction - Mitigate the risk of damaged customer relationships as a result of inaccurate reporting. After a rigorous evaluation process, which included an initial data quality assessment to understand the scope of data available, Philips identified the customer attributes that were most important to them: State license, Sanctions, NPI, Teaching hospital flag, Mass ID-covered recipient.

SAFE FCU historically verified identities by checking Social Security numbers (SSNs) and comparing information supplied by loan applicants with information about members that employees had previously captured and entered into SAFE FCUs databases. This process provided the credit union with limited data on which to verify identities, and sometimes resulted in minor human error—transposed numbers in a SSN, for instance. Nevertheless, SAFE FCU’s anti-fraud approach had proved to be successful. Throughout 2008, however, SAFE FCU was confronted with a rise in fraud attempts. In order to meet this challenge and ensure effective compliance with new and existing government regulations, SAFE FCU decided to enhance their identity verification and fraud prevention approach.

In May 2008, Lt. James Risseeuw received a report of an attempted sexual assault and forced confinement of an 18-year old woman. The victim had fought off her attacker and the suspect had fled the scene. Working with the responding officer, Lt. Risseeuw learned that the victim knew her attacker and had previously babysat his children. The Lieutenant was able to gather a description of the suspect, his name and a description of the vehicle he fled in. From a description of the crime scene, he also learned that the attacker had been particularly violent and brutal. Lt. Risseeuw knew he needed to apprehend the suspect quickly. As a 20-year veteran, Lt. Risseeuw knew that normal investigative methods could take several days to locate the suspect. Investigations in Sheboygan County are complicated by the fact that driver’s licenses are only renewed every ten years and the department only has direct access to incident records in its jurisdiction.

According to the National Retail Federation’s most recent survey, U.S. retail losses amounted to $41.6 billion in 2006, or 1.61% of total sales. A large percentage includes losses stemming from consumers passing bad checks. In Smith County’s fourth precinct, the problem was especially acute. Smith County is home to a large number of universities and a highly transient population, with thousands of individuals moving in and out every year. As a result, tracking down the authors of bad checks can be an almost impossible challenge. “When I took office, there were boxes of bad checks dating as far back as the early eighties,” said Constable Smith. “Tracking down each individual, while important, would require more man hours than we could provide and would have diverted us from other more pressing responsibilities.” After spending several months trying to come up with a solution, Constable Smith came across the answer at a state-mandated continuing education course for constables. The instructor was outlining technical solutions designed to support the needs of law enforcement. One product, LexisNexis® Accurint® for Law Enforcement, stood out.

Company X, a pharmaceutical manufacturer, faced significant challenges with the accuracy and completeness of its provider data. The sales team, responsible for promoting a high-end gastroenterology drug therapy, relied heavily on this data to identify and contact healthcare providers (HCPs). However, the database was riddled with inaccuracies, including incorrect contact information and missing data, which hindered the sales reps' ability to effectively target and engage with potential customers. Additionally, the sales team struggled to validate the affiliations between HCPs and healthcare organizations (HCOs), making it difficult to identify key decision-makers and influencers within these organizations. This lack of accurate data led to inefficiencies, wasted efforts, and missed opportunities, ultimately impacting the company's sales performance.

The lender was looking for a way to optimize small business credit underwriting in an environment where credit information on the business entities they were lending to was typically either unavailable or very thin. They were in the process of redeveloping their credit models and were looking for new data sources; sources that could help provide insights where there were gaps. The lender tested the LexisNexis® Small Business Blended Credit Score with Attributes against several other sources they had used in the past and against some new sources they were considering. They found the LexisNexis Risk Solutions scores and attributes to be the most predictive of them all. At one point, they requested a second test file because they thought maybe the initial one reflected results that were so good, something had to be wrong. When the second test file performed as well as the first, it was clear that they had discovered a new source that could help them to make better risk decisions faster.

Engaging patients in their own health care is an effective way to strengthen the relationship between the physician and the patient, while also giving the patient greater control over his or her health and well-being. Consequently, this is one of Lancaster General Health’s main aims. Corey Meyer, Director, Mobile and Virtual Health Services at Lancaster General Health, explains his situation: “It’s essential for our patients to have the proper tools to help them manage their own health; therefore, access to their medical information is a key factor to staying healthy outside the hospital. However, the verification process to allow patients to view their EHRs was difficult. They had to physically come into a health system location – either a doctor’s office or an outpatient site – to complete a registration form. People don’t want to have to drive to their practice to fill out a form, get a code, go home, and then register.” Such inconvenience meant Lancaster General Health was not seeing as much patient access to its portal as it would have liked. This created a barrier between the patients and their own health, and possibly limited the health system’s access to government subsidies under the Meaningful Use (MU) statute. MU is a set of standards defined by the Centers for Medicare & Medicaid Services Incentive Programs. It governs the use of EHR, and hospitals that follow MU receive additional funding. Consequently, low take-up of health care technologies can cost health care organizations millions of dollars a year. The system therefore needed to increase use of its patient portal both for its patients’ benefit and to enable it to align better with MU and secure more funding. Ease of access to the portal was of paramount importance, as was protecting sensitive patient health data with the utmost security.

For years, the health system had relied on data from the state medical license board to identify physicians, but it had shortcomings. The data was only updated when new physicians got their license and existing physicians renewed their license. Maintaining the dynamic universe of provider data is a difficult, but critical task for hospitals and health systems. Fifty percent of provider data is outdated after just 18 months. Provider information fuels many functions of everyday business, including provider directories, physician recruitment, claims processing, network management, compliance, fraud detection and communication between healthcare practitioners and the hospital. When provider data is accurate, these operations proceed smoothly. When they don’t work as they should, the impact of errors and missing information can be felt throughout the system. Without proactive management, thorough attentiveness and the right technology, the quality of an organization’s provider information diminishes quickly. The result is operating inefficiencies and sub-optimal networks that cost healthcare providers hundreds of thousands, and potentially millions of dollars each year. For the health system, that meant, in a market where physicians move often, much of the contact information in the medical license board database was outdated. The data couldn’t be trusted, which created multiple problems across the organization such as: Manpower needs couldn’t be assessed, Promoting CME events was too costly, and Promotional announcements weren’t getting through.

In the highly competitive pharmaceutical market, sales representatives need to go beyond traditional methods of calling on individual doctors and promoting their products. They must build relationships and become valued sources of information. A top 10 pharmaceutical company recognized the need to enhance field intelligence to gain better leverage in accessing physicians. They sought to understand how cancer patients are managed, the treatment decision process, key opinion leaders, and the influence of caregivers. The goal was to provide sales reps with a comprehensive understanding of the local landscape and key players in oncology care.

As a tertiary medical center in a five-state referral area encompassing more than 10 percent of the continental United States, University of Utah Health has long been committed to building strategic alliances with referring physicians. Yet one unwelcome perception persisted. A lag in the consistency of patient follow-up often resulted in a lack of uniformity of care and a breakdown in efficient communications with physicians. The reason for the lag was that University of Utah Health often had to verify disparate and sometimes inaccurate provider discharge data. Two to three FTEs dedicated substantial time to sorting through and manually validating accurate provider names, locations, credentials and more every day, using MPI, Google and other publicly available resources. As a result of this time-consuming verification process, referring providers were left in the dark on treatments, interventions and medications conducted on behalf of their patients, which, in the worst of situations, led to redundancies in after-discharge treatment, and increasing frustration among referring providers.

Increased competition forces infusion therapy providers to up their sales game. Patients who need home infusion therapy rarely research service providers and look to their doctor to recommend one. The sales challenge for infusion therapy providers lies in identifying the physicians and medical professionals who are referring patients and becoming their preferred provider. Getting those referrals, as opposed to promoting their services directly to patients, is the key to increasing sales. A Northeast-based healthcare organization provides home infusion therapy throughout several states. Increased competition and a complicated market structure have forced them to become more proactive in their sales and marketing efforts. They recently chose to invest in PlayMaker CRM® largely because of the insights it could gain. One of the infusion therapy provider’s first priorities was to obtain data related to IVIG and antibiotics therapy referrals, two vertical niches the company had prioritized for future growth. Fueled with LexisNexis® claims data, PlayMaker delivered the names of the physicians and facilities with the most patient referrals for those segments of their market. The sales team was then able to direct its efforts to the best prospects. But what was even more exciting for them was the big picture potential. The ability to search data by infusion therapy, for example, opened up endless possibilities for expansion.

A leading multi-line carrier was facing significant issues verifying leads, despite working hard to develop a robust lead generation program. While a plentiful supply of leads were being generated via the company’s website, the contact information was often incomplete or inaccurate. The company’s agents were spending considerable time and energy trying to prioritize and contact potential customers with sporadic success. The process was not only causing agent fatigue, it was proving to be costly and inefficient.

The company faced three main challenges: identifying the most-likely-to-purchase customers, maximizing the value of its customer data, and optimizing marketing return on investment. Traditional marketing campaigns were casting a wide net, resulting in low returns and wasted resources. The ultimate goal was to improve revenue growth and increase retention rates among existing policyholders by leveraging existing policyholder data for new revenue opportunities and achieving the greatest benefit from cross-sell and up-sell efforts.

Like many carriers, this company struggled with managing inspection resources for the greatest return on investment. It lacked the ability to specifically identify those properties most in need of inspection at the time of policy renewal. Instead, this carrier conducted selective inspections of properties in high hazard areas; a costly and time intensive method with little to no perceivable impact on actionable rates. As losses continued to mount, alarms were raised across the enterprise. The call went out for a cost-effective solution that would cause minimal disruption to the current process while significantly increasing actionable discovery rates, thereby reducing losses.

As a start-up collection agency, EAS is challenged with competing against entrenched competition staffed by experts in collecting student loans. In order to jump-start growth, the company brought in loan industry veteran Don Taylor as president to lead the efforts to insure the firm’s ability to compete. Upon joining the company, Taylor realized that many of his agents had limited experience in collections and most had no experience in student loan collections. Furthermore, the agency had yet to invest in many critical resources, such as skip tracing tools, on which other firms rely on. Taylor was determined to find a way for EAS to discover and exploit a competitive advantage while implementing a lean, highly profitable operating structure that would protect margins.

In the face of rising medical claims costs, payers are looking to improve member engagement in their own health and minimize unnecessary utilization of the health care system. However, the Affordable Care Act (ACA) and the creation of Health Insurance Exchanges have led to millions of consumers accessing health benefits for the first time and possessing little or no historical, clinical or claims data. The lack of medical history makes risk modeling and effective member engagement particularly difficult. This Case Study seeks to answer the question, “Can socioeconomic data be used to help predict member health risk and inform improved member engagement strategies?” EveryMove (and their payer clients) need a comprehensive picture to determine population health risk and the ability to precisely target high-risk members with the appropriate engagement incentives. Always seeking to optimize the timing and accuracy of its member interventions, EveryMove places an extremely high value on predictive intelligence that provides insight into the health status and potential health risks of individuals. With so many new consumers lacking traditional data, like claims and clinical records, EveryMove chose to test and measure the ability of non-medical, socioeconomic data to fill in major gaps in member health profiles, and to accurately predict health risks.

Discerning the validity of prescriptions today is a complicated process made more complex by a number of factors, including ongoing prescriber regulatory challenges impacting daily pharmacy operations, varying payer requirements causing discrepancies, licensure inconsistencies across prescribers, intricate drug diversion schemes, and more stringent claims audits by the Centers for Medicare & Medicaid Services. Together, these issues make validating every prescription an operational challenge and risk, with consequences ranging from inappropriate reimbursement to tens of millions of dollars in fines for record-keeping, dispensing, and narcotics violations. The Drug Enforcement Administration (DEA) using their own federal data and data from state-level licensing boards to determine prescriptive authority is causing an even more complicated regulatory environment for retailers. Add to this the increased scrutiny from the media and others, and it is clear that retail pharmacies need a reliable solution—one that incorporates current information about prescribers and enables alignment with all relevant regulations in order to verify prescriber information prior to billing and dispensation. Unfortunately, many pharmacies are working with systems that were not designed for the complexity of today’s prescription claims process, often ingesting and matching data and technology components that are not designed to work together efficiently. The result is a workflow that is far from conducive to supporting pharmacists’ primary roles—patient service and safety.