Careington gets clean bill of cyber health with pumped-up security and compliance services
Challenge
The health industry counts among the most regulated sectors in the world, requiring companies like Careington to meet regulatory standards to maintain operations and avoid steep penalties. Serving millions of individual and corporate customers, Careington also processes a large volume of payment card transactions. As a Level 1 Service Provider under the PCI-DSS (Payment Card Industry Data Security Standard), the company needs to meet several requirements including network scans by an Approved Scanning Vendor (ASV) and compliance documentation from a Qualified Security Assessor (QSA). Finally, health sector companies are relentlessly targeted by cyber criminals for the trove of sensitive information they hold (including social security and financial details). A single data breach can deal serious operational, reputational, and financial damage — even for a widely trusted and pioneering healthcare company like Careington.
Client
Healthcare pioneer Careington International Corporation serves around 30 million customers across a range of brands, products, and services. Formed in 1979 in Texas by two entrepreneurial dentists, the company evolved into a leading healthcare organization with a diversified portfolio. More than four decades since its founding, Careington now ranks among the key U.S. providers of dental care solutions and discounted plans for health, wellness, and lifestyle services.
The Solution
Firmly rooted in the science of medical care, Careington sought a holistic solution to its IT challenges. It found one in TrustNet, an award-winning provider of managed security and compliance services. For the ensuing partnership, Careington’s business requirement was simple and urgent: a suite of services that actively ensure the security and efficiency of its digital infrastructure — and its continued compliance with all relevant regulatory standards. The initial services Careington receives include Risk Assessment, Penetration Testing, Security Awareness Training, and PCI DSS compliance.
The Results
Compliance and security are ongoing processes. Done right, they keep organizations a step ahead of risks and threats that can undermine and disrupt a business. Neither process can afford to be caught off-guard at any time. That’s because while major regulatory audits typically take place annually on predetermined dates, a corporate network and its IT systems face the risk of compliance violations and cyber attacks at literally any moment. Cyber crime and regulatory oversight rarely announce when they will happen.
Understanding their exposure, Careington aptly partnered with TrustNet not only to ensure its sustained compliance with PCI DSS but also to equip its people with the security training they need to serve as the company’s first line of defence against cyber attacks.
Additionally, the risk assessment and penetration test conducted by TrustNet provided accurate insight into Careington’s security posture, particularly on specific vulnerabilities, compliance gaps, and other system weaknesses. This enabled the company’s decision makers to prioritize remediation efforts and take the right actions toward future-proofing their diversified business and adequately protecting their loyal customers.
About TrustNet Inc
TrustNet helps businesses build trusted relationships with their customers, partners, and employees by providing cybersecurity and compliance services. We are a leading provider of managed security, consulting, and compliance services. Since 2003, TrustNet has been a strategic partner helping clients ensure the security and integrity of their businesses. From our headquarters in Atlanta, Georgia, TrustNet serves mid-size and large organizations, both public and private, across multiple industries, in the United States, and around the world.
TrustNet is a 2022 Global Infosec Awards Winner and the Editors Choice for Managed Security Service Provider.