UK’s largest independent health and social care provider seeks to safeguard confidential patient data and mitigate organisational risk by using VIPRE SafeSend Outlook add-in to prevent misaddressed email or incorrect attachments being sent.
Care UK is the UK’s largest independent provider of health and social care services, operating more than 300 facilities across the UK. With a diverse range of services including running local GPs, out-of-hours support and residential care services, it is committed to providing every patient and resident with the highest standard of care and service.
As part of this, Care UK is responsible for safeguarding patient data across its entire service offering and regularly reviews the tools that it has in place to ensure that data is kept as safe as possible. Accidental data leakage is a significant risk when business communication is so reliant upon email, particularly for a company such as Care UK that stores personal and confidential data. The company was therefore looking to deploy a Data Loss Prevention (DLP) tool as part of its overall strategy to secure sensitive data, and identified VIPRE SafeSend as an ideal solution to mitigate organisational risk.
SafeSend prevents users from sending misaddressed and accidental emails by requiring the user to double-check and confirm external recipients and file attachments before an email can be sent. Confidential data can be protected as companies can define parameters, including a list of approved domains, that will prompt users with a warning when sending an email to a non-approved domain, for example.
With the solution’s DLP module, SafeSend further scans attachments and email content for sensitive data, allowing for additional custom rules. Care UK has therefore been able to specify regular expressions within the parameters so that sensitive keywords or data patterns in the email or attachments can be detected, such as confidential patient information or bank account details.
Barry Nee, CIO, Care UK, said: “The data that we deal with is highly sensitive information and the responsibility of ensuring that data is protected is something that is of paramount importance to us. While we can’t completely eradicate human error, we can do our utmost to train employees and put an additional layer of protection in place – such as SafeSend – to prevent mistakes as much as possible.”
In addition to providing vital protection against email mistakes, SafeSend can also help users spot phishing attacks – such as an email that appears to come from inside the company, but actually has a cleverly disguised similar domain name. In this instance, SafeSend alerts the user to the fact that the email they are about to reply to a non-approved domain.
For organisations that must adhere to strict compliance and regulatory requirements, such as Care UK, SafeSend is a crucial tool that can clearly demonstrate that the company has the right technical controls around DLP in place to reinforce compliance credentials. As users must acknowledge the popup that requires them to confirm the email address is accurate, the attachment is correct and the warning when they are about to send data to a non-approved domain, it’s clear that the company has put necessary steps in place to prevent confidential data being sent to the wrong person.
Andrea Babbs, Head of Sales, VIPRE SafeSend, said: “With employee error now the number one cause of data breach or leakage, and increased data protection requirements in place, organisations clearly need robust processes to mitigate the risk of inadvertent data loss. Care UK is a great example of a company taking its responsibility to keep its data secure incredibly seriously, enabling its employees to better manage email and flag potential mistakes – before they hit the send button.”
Nee concluded: “SafeSend is an important part of our armoury to help us safeguard patient data and mitigate organisational risk. Human error is natural, but with an automatic reminder to double-check and consider whether this information should be sent to this person, and even if the original email is authentic, we have the confidence that data can remain confidential and secure.”