Download PDF
Rapid7 > Case Studies > Securing Critical Patient Data: Bioventus' Success with Rapid7
Rapid7 Logo

Securing Critical Patient Data: Bioventus' Success with Rapid7

Technology Category
  • Cybersecurity & Privacy - Endpoint Security
  • Cybersecurity & Privacy - Intrusion Detection
Applicable Industries
  • Equipment & Machinery
  • National Security & Defense
Use Cases
  • Counterfeit Product Identification
  • Tamper Detection
Services
  • Cloud Planning, Design & Implementation Services
  • Cybersecurity Services
The Challenge
Bioventus, a global leader in active healing and surgical orthobiologics, faced significant security challenges due to its large distributed workforce, multiple clouds, diverse devices, and the critical nature of patient data. The company's security team had to deal with user compromise and phishing emails on a daily basis. As an international healthcare company based in the US, Bioventus had the additional challenge of safeguarding patient records. A breach of any sort could be damaging, but a breach of patient records could be particularly expensive. The company also faced common security challenges for enterprises of its size, such as attacks on its cloud-based networks.
About The Customer
Bioventus is a global leader in innovations for active healing and surgical orthobiologics. The company works with patients, payers, and healthcare providers throughout the world. Based in Durham, North Carolina, Bioventus has more than 1,100 employees and a presence in over 50 countries worldwide. In a single year, Bioventus products help more than 500,000 people regain active lifestyles. The company operates internationally, dealing with medical devices and patient information that must be protected at all costs. Bioventus' security is managed by Kerry LeBlanc, who is responsible for the company's cybersecurity, reporting to the director of IT infrastructure and security.
The Solution
To address these challenges, Bioventus implemented Rapid7 InsightVM, a leading vulnerability management solution, and Rapid7 InsightIDR, a leading cloud SIEM. The company chose Rapid7 due to its system-wide integration with both InsightIDR and InsightVM. Rapid7's solutions integrated well with the existing environment and the tools Bioventus wanted to implement. Rapid7 also provided strong tech support. The first step was a system-wide assessment to identify gaps and weaknesses. The company needed a SIEM, a vulnerability management solution, and an endpoint detection and response solution. Rapid7 provided visibility and context into threats, discovered unknown issues, and enabled quick correlation, analysis, prioritization, and remediation of threats. The company also used InsightIDR Enhanced Endpoint Telemetry for alerting on malicious processes, threat hunting, asset authentication reporting, and failures.
Operational Impact
  • The implementation of Rapid7's solutions has significantly improved Bioventus' security posture. The company now has visibility and context into threats, allowing for quick correlation, analysis, prioritization, and remediation. The use of InsightIDR Enhanced Endpoint Telemetry has been particularly beneficial, providing alerts on malicious processes, aiding in threat hunting, and providing valuable information on asset authentication reporting and failures. The Insight Agent, which feeds both InsightIDR and InsightVM, covers all of Bioventus' environment and locations, providing comprehensive security coverage. The company's security program has matured significantly, earning the confidence of the executive team.
Quantitative Benefit
  • Reduced response time from three to four hours to ten to fifteen minutes.
  • Visibility into all locations, including cloud servers and data center servers.
  • Immediate identification of security issues such as credentials in the wrong places, misused configurations, and services that should not be left on.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.