Case Study Change Healthcare

Securing a Competitive Advantage

As their business expanded, we were there to help Change Healthcare grow and evolve their security posture.

The Task

Change Healthcare is a leading company in the healthcare industry, operating the largest financial and administrative information exchange in the United States. Change Healthcare connects more payers, providers, and vendors than any other healthcare business in the marketplace. With a network that encompasses more than 800,000 providers and over 1,200 government and commercial payers, protecting their customers’ sensitive data is top priority.

As a growing company, Change Healthcare needed to ensure the businesses and services they acquired met their security requirements. Extending their security standards into new assets while maintaining their current level of protection over existing customer records was paramount. Change Healthcare had a responsibility to safeguard and protect their customer data along with their networks, applications, and infrastructure as they expanded.

“This level of security has set us apart from our competition and in many cases has been the deciding factor in winning competitive bid scenarios. I couldn’t be happier with the results and the relationship that we’ve achieved together,”

Change Healthcare

Our Approach

Over the years, we’ve learned and gained insight into Change Healthcare’s business to understand it at successively deeper levels. As a result, we’ve been able to tailor our services to fit Change Healthcare’s unique needs.

With application assessments and source code review, PCI compliance, incident response, training, and on-going consulting, Bishop Fox works diligently to ensure that Change Healthcare’s security concerns are addressed from every angle. Our penetration testing and enterprise security teams have collaborated on multiple occasions to address security issues and to drive opportunities for protecting Change Healthcare’s numerous services.

Change Healthcare’s openness to collaborate and trust in our team is what makes our engagements so successful.

“More often than not, our teams work together to design solutions… we brainstorm, strategize, and implement together. We partner closely with the Change Healthcare business owners to develop an approach that focuses on security without losing sight of their business objectives.” –Bishop Fox Partner Vincent Liu

Large-BW-ipad

Getting Specific

We’ve worked closely with many Change Healthcare teams, but have been collaborating with Change Healthcare IXT on the Patient Billing & Payment Management Solutions the longest – helping them to gain new customers by first securing their products and services. We started out by conducting a full application assessment of the product in 2007, which included application penetration testing, source code review, and network penetration testing. Following that assessment, we continued to assess the product on a regular basis and delivered secure coding training to the developers.

Over the years, we’ve provided annual assessments with one full penetration test every year, and quarterly check-ups to ensure that the application remains safe. We have performed source code review for all changes to the application over the last eight years.

We’ve also helped Change Healthcare meet PCI compliance year after year, with no identified issues to date. We routinely perform PCI ASV scanning and train Change Healthcare developers to keep them in the loop on the latest threats.

“This level of security has set us apart from our competition and in many cases has been the deciding factor in winning competitive bid scenarios. We couldn’t be happier with the results and the relationship that we’ve achieved together,” Change Healthcare stated.

Competitive Edge

“We believe we’re employing the best security process and procedures that we can, which gives us a competitive advantage. There’s a comfort level that our customers have [in our services].” Change Healthcare said.

Our tailored services have helped place Change Healthcare ahead of leading competitors in their field. Drawing on previous engagement experience gives both companies the benefit of knowing and understanding the ins and outs of Change Healthcare security processes and procedures, and confidence in the level of commitment that each side brings to the table.

This saves both of us valuable time, money, and resources; making for smoother engagements since we’re never really starting from scratch. This nine-year and counting partnership continues to provide Bishop Fox the opportunity to help Change Healthcare grow and evolve in their security posture.