Leading Electronic Records and Practice Management Software Company Relies on Imperva and Microsoft for Security and Efficiency

One of the leading providers of Electronic Medical Records (EMR) and practice management software for healthcare providers prides itself on offering a vast set of applications with scheduling, documentation, billing, and clinical reporting capabilities. All the applications are fully customizable and suitable for practices of all sizes and specialties.

Ensuring its systems are up and running 24/7 and that they comply with HIPAA data privacy legislation are both critical for the business. However, with a high-profile web presence, the company faced frequent large-scale hacker attacks and attempts at stealing highly sensitive – and valuable – medical data. It therefore had high requirements for the security of this data – particularly given the impact defending against these attacks was having on its IT staff.

“Our developers were constantly trying to update the site’s defenses to protect against ever-evolving cyber threats,” said the company’s CTO. “And at the same time, they had to ensure it continued to meet regulatory compliance.” The company urgently needed to implement an effective security solution that would not only defend against periodic large-scale attacks, ensure site availability to its users around the clock, and eliminate data theft and site scraping, but also maintain compliance – all with minimal burden on its IT staff resources.


Intelligent, efficient, and secure

The company turned to Imperva Cloud WAF, a comprehensive, cloud-based and – importantly – HIPAA-compliant protective shield for its web assets. Designed as a SaaS solution, the Imperva Cloud Application Security solution was quickly implemented, automatically blocking a range of attacks including intruders, DDoS traffic, and scraping bots. And with an automatic DDoS mitigation SLA of 3-seconds or less for any type, size, or duration of attack, the company is covered against even the most powerful DDoS attacks with an industry-best guarantee.

The solution’s real-time monitoring and control console enables IT staff to see everything that was occurring within the site at a glance, displaying comprehensive real-time statistics like the number of attackers being blocked, the reasons for blocking them, and the geographical sources of hostile traffic.

With this intelligence at their fingertips, and with security updates and upgrades automatically deployed across the network, the administrative burden on the company’s IT team was significantly reduced, the benefits of which were soon tangible.

According to the company’s Chief Architect, “Deploying Imperva Cloud WAF has enabled us to improve our internal development operations by 100%. We’re now able to deploy new patches and new versions in just days and weeks, rather than months, which gives us a huge competitive advantage for our practice management solution.”


Embracing the cloud

The company opted to deploy the software as a comprehensive security solution on Microsoft Azure, recognizing the additional advantages this would offer. With all the features of its on-premises counterpart, for example, Imperva Cloud WAF for Azure offers the additional convenience and security of automatic data backups at Microsoft datacenters.

What’s more, the company agreed that moving to the cloud would create significant opportunities for product enhancement. According to its Chief Architect, “Azure meets all of our cloud needs and fully aligns with our technology vision. This allows us to be far more agile and innovative in developing our solutions.”

“And because we rely on the high levels of security provided by Imperva,” he continues, “we’re able to do so while remaining fully compliant with regulations like HIPAA.”

In the competitive healthcare market, business success relies on the highest levels of innovation and data privacy. By combining Imperva’s comprehensive security services with Microsoft’s cloud offering, the customer was able to deliver on both of these, protecting its data, meeting compliance, and ensuring the 24/7 work environment it needed for continuous product development.