Saint Barnabas Health Care System Selects Wave to Protect Personal Health Information on Laptops

New Jersey’s Largest Health Delivery System Standardizes on Wave Software for Managing its Fleet of Self-Encrypting Hard Drives on Laptops Used by Medical Personnel and Executives

Lee, MA February 9, 2011 Wave Systems Corp. (NASDAQ:WAVX www.wave.com) today announced that Saint Barnabas Health Care System deployed self-encrypting drives (SEDs) managed by Wave’s EMBASSY® software to protect personal health information (PHI) stored on 700 laptops used by doctors, nurses, administrators and executives in 25 facilities. Saint Barnabas had been using software encryption for years to comply with health care regulations and meet patient needs, but chose to upgrade to self-encrypting drives for stronger security and faster deployment times —24 hours faster on average per user.

“Patient trust is critical to all of us at Saint Barnabas,” commented Hussein Syed, Saint Barnabas’ Director of IT Security, whose responsibility encompasses all endpoint and network security. “We take patient and employee data confidentiality seriously, which is why we took steps to ensure it is protected at all times.”

“Now should a breach happen,” Syed continued, “first and foremost, there is the impact on our patients. Beyond that it would impact our credibility, especially if there were repeated occurrences.”

Saint Barnabas is New Jersey’s largest integrated health care delivery system, employing 19,000, including 4,600 physicians and operating six acute care facilities, nursing homes and outpatient centers that provide radiology and dialysis. Prominent names within the system include Newark Beth Israel Medical Center, Monmouth Medical Center in Long Branch and Saint Barnabas Medical Center in Livingston.

As part of delivering superior care, medical personnel routinely collect and handle sensitive patient data, including lab results, clinical data, patient medical histories and prescription usage. This information is often gathered bedside or in the ER, where laptops are brought in via mobile units. Administrators also use Patient Health Information (PHI) for “patient modeling,” to develop better procedures and protocols for assuring that all patients in the Saint Barnabas system receive a high level of care. Laptops in use throughout the system all require encryption to safeguard patient privacy and stay in compliance with health regulations including the Health Insurance Portability and Accountability Act (HIPAA) and last year’s Health Information Technology for Economic and Clinical Health (HITECH) Act.

Under HITECH, affected patients would have to be notified by a letter outlining the circumstances of the data breach, what information was compromised and the steps taken toward remediation. There would be a financial impact too, Syed noted, with the health system liable for legal costs and the expense of credit monitoring services for affected patients. Those costs can run several hundred dollars per affected individual, he said.

To mitigate the chance of PHI falling into the wrong hands Saint Barnabas was an early software full disk encryption (FDE) adopter.

“It did the job, but software encryption was slowing the performance of the machine, which had a measurably negative effect on productivity,” Syed said. “It could take up to thirty minutes to boot up a PC with software encryption. Now boot up time is negligible.”

To handle the encryption installations, drop off locations were designated at Saint Barnabas’ facilities, where users were required to make an appointment. During the 24 to 36 hours required for the software to be installed and the contents of the drive encrypted, employees had to be issued a suitable loaner or had to go without. Remote users were required to initiate a remote desktop session via VPN and leave their PCs for the same period of time, periodically rebooting.

The dissatisfaction with software-FDE had Syed and his team looking for alternatives. A liaison at Dell introduced him to self-encrypting drives (SEDs). After conducting internal tests, Syed opted to implement Wave-managed SEDs for all laptops within the Saint Barnabas network. As laptops are “refreshed,” all come pre-configured from the factory with an SED and Wave software as part of the standard configuration. Now with hundreds of PCs equipped with Wave-managed SEDs already deployed, Syed said installations have gone “seamlessly,” averaging only 20-30 minutes per user, accounting for the time needed to set a password, integrate with Active Directory and to set security policies. After set up, most users “don’t even know the drive is encrypted.”

Remote Administration, Detailed Event Logs Part of the Value Wave Brings
Wave’s Trusted Drive Manager client software enables pre-boot authentication, the enrollment of drive administrators and users, and the ability to backup drive credentials. For centralized IT management of the self-encrypting drives, Wave’s EMBASSY® Remote Administration Server (ERAS) enables IT managers to remotely turn on each drive in seconds and to provide detailed event logs for compliance assertions to prove that the security settings were in place if a loss or theft occurs.

Wave Logo

About Wave Systems Corp.

Wave is a pioneer in hardware-based PC security that provides software to help solve critical enterprise PC security challenges such as data protection, strong authentication, network access control and the management of these enterprise functions.  Wave is a founding member of the Trusted Computing Group (TCG), a consortium of more than 100 companies that forged open standards for hardware security.  Wave’s EMBASSY® line of client- and server-side software leverages and manages the security functions of the TCG’s industry standard hardware security chip, the Trusted Platform Module (TPM) as well as hard drives that comply with TCG’s “Opal” self-encrypting drive (SED) standard.  Self-encrypting drives are a growing segment of the data protection market, offering increased security and better performance than most existing software-based encryption solutions.  TPMs are standard equipment on many enterprise-class PCs shipping today and have shipped on an estimated 300 million PCs worldwide.  Using TPMs and/or SEDs and Wave software, enterprises can substantially and cost-effectively strengthen their current security solutions.  Visit http://www.wave.com for more information.

For more information please contact:

Contact:
Wave Systems Corp.
Michael Wheeler
413-243-7026
mwheeler@wavesys.com