24 July 2023

Muirne Scanlon

Securing PII and Regulated Healthcare Data in a European Hospital with Getvisibility


 

In today’s digital landscape, healthcare providers face increasing threats from cybercriminals targeting their sensitive data. To combat these risks, advanced AI and machine learning are essential. 

 

One of our case studies demonstrates this perfectly. As a leading Data Security Posture Management (DSPM) company, Getvisibility has assisted a European hospital in securing personally identifiable information (PII) and regulated high-risk personal healthcare data stored in its data silos. By leveraging Getvisibility’s innovative solutions, the hospital successfully mitigated data breaches, improved compliance, and enhanced its overall data security posture.

 

The Challenges:

The European hospital faced several challenges before engaging with Getvisibility:

Vast amounts of unstructured data across unclear infrastructure.

A failed Data Loss Prevention (DLP) program that rendered operational service unworkable.

Lack of data understanding and regulatory clarity.

Overly broad access privileges leading to potential data exposure.

Unknown vulnerability to ransomware attacks.

Unencrypted sensitive data.

Ineffective data protection policies.

Low internal data protection awareness.

 

Identifying PHI and PII Information:

Concerned about potential data breaches, the hospital sought to proactively secure PII and protected health information (PHI) within its data stores. Getvisibility’s data discovery and classification capabilities played a crucial role in this endeavour. By scanning over 10TB of unstructured data and analysing more than 30 million files, Getvisibility identified alarming findings:

Over 2,000 files containing PHI were shared with the “Everyone” group, posing a significant risk.

More than 25,500 files were accessible with domain administrator access, raising concerns about data exposure.

12,937 files with PHI were older than 5 years and not properly archived.

17,521 files with PHI were older than 7 years and not adequately protected.

Approximately 30% of the files were duplicates, adding unnecessary data redundancy.

No files were protected by the failed DLP program.

The organisation scored 7 on a 0-10 risk score, indicating significant vulnerabilities.

Users had direct access to more than 8 million files, highlighting access control issues.

Around 160 of the 4,100 users had passwords that had never been changed since creation, posing a security risk.

 

The Solution:

Getvisibility implemented a comprehensive solution to address the identified challenges and vulnerabilities:

Data Taxonomy and Comprehensive Management:

  • Created a tailored data taxonomy and implemented effective data management practices.
  • Conducted data inventory, cataloguing, classification, access monitoring, and retention policy definition.

Identification and Protection of Regulated Data:

  • Identified and managed PHI and PII across multiple storage locations.
  • Implemented measures to protect sensitive information from cyber-attacks.

Minimise Attack Surface and Controlled Access:

  • Reduced the attack surface by implementing secure access controls.
  • Restricted user access to PII and PHI data, safeguarding patient information.

Data Hygiene and Risk Management:

  • Implemented data hygiene policies to maintain data integrity and quality.
  • Integrated and operationalized Data Loss Prevention (DLP) measures.
  • Implemented risk management practices and established reporting mechanisms.

 

Results and Impact:

The European hospital achieved significant improvements and outcomes by using Getvisibility’s platform:

Enhanced value from the Data Loss Prevention (DLP) solution.

Improved regulatory compliance and adherence to data protection standards.

Reduced time taken to mitigate areas of high data risk.

Increased visibility and control over sensitive data, ensuring its protection.

Minimised the attack surface despite the use of shared drives and remote connectivity.

 

The European hospital’s collaboration with Getvisibility enabled it to address critical data security challenges, protect sensitive patient information, and strengthen its overall data security posture. By leveraging advanced AI and machine learning capabilities, the hospital successfully mitigated data breaches, improved compliance, and enhanced its ability to safeguard PII and regulated healthcare data. 

 

In today’s ever-evolving threat landscape, investing in robust data security solutions is crucial for healthcare providers to protect their patients’ privacy and maintain trust in their services.

 

To read the full case study, click the link below.

https://bit.ly/3pXeAys

 
