A large healthcare company in the western U.S., with more than 3,000 employees and several million clients from individuals to Fortune 100 companies, experienced a security breach that revealed gaps in its architecture and processes.
Situation and Business Challenge
When mission-critical IT projects amass and stagnate at a healthcare company, a security emergency can transform those normal headaches into a massive migraine.
A large healthcare company in the western U.S., with more than 3,000 employees and several million clients from individuals to Fortune 100 companies, experienced a security breach that revealed gaps in its architecture and processes.
An internal investigation revealed the need to solidify database access to better safeguard Protected Personal Information (PPI) by splitting the network into subnetworks, establishing environment-specific access protocols, and removing open gates in the network. While the company understood the urgent need to remediate the issues, numerous additional business-critical IT projects led to a lack of available IT staff and mounting delays to provide the proper attention to this need.
The IT organization worked with several consulting firms to start remediation and planning but the consultants’ work never made it past the discovery phase. Legacy systems, inconsistent data involving third-party vendor applications, integrations with multiple systems, and advanced customizations presented major problems for which the consulting firms could find no solutions.
Alternative solutions such as migrations to cloud architecture proved too costly, problematic and would require too much time to complete. Similarly, instituting separate firewalls for each server and application was also quickly realized to be excessively difficult to implement and support. Ultimately, all other solutions proposed were deemed either prohibitively costly or inadequate to address the required criteria.
The company faced a number of deadlines set by multiple insurance commissioners and attorneys general that could not be extended. Needing a partner with deep industry experience in solving complex technology problems in rapid fashion, the company called on AIM Consulting’s Delivery Leadership experts for the solution.
AIM’s Approach
AIM’s team comprises world-class experts who integrate cross-industry knowledge and skills to drive complex technology projects on time and on budget. AIM’s consultants combined their extensive skillsets in cybersecurity, application development, data & analytics, cloud & operations, business systems, and knowledge of regulatory and compliance requirements to deliver a highly secure and streamlined solution.
Working closely with vice presidents and other key stakeholders in impacted teams within the IT organization, AIM defined the scope, approach, and timeline of the solution and drove it to completion in the allotted 6–7 month timeframe.
Week by week, AIM worked side-by-side with internal teams and external vendors to close the security gaps by leading 55 server deployments and migrating nearly 400 database servers to a new Microsoft Azure datacenter, including the arduous work of migrating some critical legacy OS and SQL Server systems. The project resulted in the decommissioning of more than 400 legacy servers that were no longer required by the business.
The project unfolded as follows:
- AIM’s relationships and frequent communication with key stakeholders helped to attain complete buy-in to push the project to top priority within the organization. Because of the high level of trust between AIM and the client, most roadblocks and other issues were remediated within the same business day, allowing for the smooth and rapid procession of the project.
- AIM leveraged the cloud-based project management software Smartsheet to take advantage of its intuitive dashboard and reporting features and update the project status in real-time. The Smartsheet dashboard illustrated key data findings from the CMDB and DBA teams, enabling AIM to identify all impacted technologies and teams, set realistic milestones, and define a clear strategy of how the work would be sequenced for impacted teams. Stakeholders could access the dashboard to receive real-time updates on each team’s schedules and dependencies.
- Using the company’s configuration management database (CMDB) and working with the database administrator (DBA) team, AIM identified all databases existing on the company’s servers, which were then consolidated into Smartsheet to perform further data scrubbing, analysis and visualization.
Key Results
In the wake of preceding consulting firms’ failed efforts, AIM designed and guided the project on time and on budget, resulting in a robust, consolidated environment that keeps PPI behind highly secure firewalls, where it belongs.
Because AIM Consulting understood the customer’s unique circumstances and critical business objectives, the engagement was performed in a way that was hidden from the view of the client’s customers. The success of the project has resulted in strong brand perception of AIM within the organization.
The engagement with AIM led to numerous additional benefits:
- Of greatest importance, the company remained in compliance with HIPAA and HITRUST guidelines, avoiding potential eight-figure fines.
- The decommissioning of legacy servers and databases led to significant cost reductions in real estate, extended warranty and licensing support, and reduced person-hours savings totaling between $500,000–$750,000 annually.
- Organizational intelligence around security, intra-network system connectivity, and application mapping has vastly improved. Internal communications processes for managing, modifying, and adding/removing servers and databases are now at a much higher level.
- The project also enabled reduced schedule impacts for several key business initiatives including facilities upgrades and campus redesign initiatives, allowing those projects to proceed sooner than expected.
Get In Touch
Whether you need help with technology strategy and implementation or have an in-flight project in need of additional resources, AIM is here to help.
Fill out the form below and one of our experts will be in touch.