New from Ponemon Institute: The State of Offensive Security in 2023. Read the Report ›
Change Healthcare needed to ensure the businesses and services they acquired met their security requirements to safeguard their customer data along with their networks, applications, and infrastructure.
As a growing company, Change Healthcare needed to ensure the businesses and services they acquired met their security requirements. Extending their security standards into new assets while maintaining their current level of protection over existing customer records was paramout. Change Healthcare had a responsibility to safeguard and protect their customer data along with their networks, applications, and infrastructure as they expanded.
"We partner closely wiht the Change Healthcare business owners to develop an approach that focuses on security without losing sight of their business objectives."
--Vincent Liu, CEO, Bishop Fox
Over the years, we’ve learned and gained insight into Change Healthcare’s business to understand it at successively deeper levels. As a result, we’ve been able to tailor our services to fit Change Healthcare’s unique needs.
With application assessments and source code review, PCI compliance, incident response, training, and on-going consulting, Bishop Fox works diligently to ensure that Change Healthcare’s security concerns are addressed from every angle. Our penetration testing and enterprise security teams have collaborated on multiple occasions to address security issues and to drive opportunities for protecting Change Healthcare’s numerous services.
Change Healthcare’s openness to collaborate and trust in our team is what makes our engagements so successful.
"More often than not, our teams worked together to design solutions… we brainstormed, strategized, and implemented together."
--Vincent Liu, CEO, Bishop Fox
We’ve worked closely with many Change Healthcare teams, but have been collaborating with Change Healthcare IXT on the Patient Billing & Payment Management Solutions the longest – helping them to gain new customers by first securing their products and services. We started out by conducting a full application assessment of the product in 2007, which included application penetration testing, source code review, and network penetration testing. Following that assessment, we continued to assess the product on a regular basis and delivered secure coding training to the developers.
Over the years, we’ve provided annual assessments with one full penetration test every year and quarterly check-ups to ensure that the application remains safe. We have performed source code review for all changes to the application over the last eight years.
We’ve also helped Change Healthcare meet PCI compliance year after year, with no identified issues to date. We routinely perform PCI ASV scanning and train Change Healthcare developers to keep them in the loop on the latest threats.
“This level of security has set us apart from our competition and in many cases has been the deciding factor in winning competitive bid scenarios. We couldn’t be happier with the results and the relationship that we’ve achieved together,” Change Healthcare stated.
"We believe we’re employing the best security process and procedures that we can, which gives us a competitive advantage. There’s a comfort level that our customers have in our services."
--Change Healthcare Team Member
Our tailored services have helped place Change Healthcare ahead of leading competitors in their field. Drawing on previous engagement experience gives both companies the benefit of knowing and understanding the ins and outs of Change Healthcare security processes and procedures, and confidence in the level of commitment that each side brings to the table.
This saves both of us valuable time, money, and resources; making for smoother engagements since we’re never really starting from scratch. This nine-year and counting partnership continues to provide Bishop Fox the opportunity to help Change Healthcare grow and evolve in their security posture.
Change Healthcare is a leading company in the healthcare industry, operating the largest financial and administrative information exchange in the United States. Change Healthcare connects more payers, providers, and vendors than any other healthcare business in the marketplace. With a network that encompasses more than 800,000 providers and over 1,200 government and commercial payers, protecting their customers’ sensitive data and their security posture are top priority.
Gravity-Defying Security: An Apollo.io Story
Apollo selected Bishop Fox to perform a Google Security Assessment to evaluate the security of its application, external perimeter, and Google Cloud Platform (GCP) environment, as well as conduct a review of its responses to Google’s required self-assessment questionnaire (SAQ).
John Deere Digital Security Journey: Securing Products Against Cyberattacks
To help ensure John Deere products are ready to withstand security threats, John Deere chooses Bishop Fox's Cosmos platform and product security reviews.
August: Built-in Security in IoT Devices