Artisan developers focus on improving patient care by leaving sensitive data security to Wiz

Challenge

• During Artisan’s transition to the cloud it had 15 developers but no dedicated security team to manage its cloud security posture.

• Because healthcare data needs to be stringently protected, Artisan needed to guarantee patient and financial data with a zero-tolerance security posture.

• Artisan’s development team wanted to deploy new products quickly, but they were distracted by a noisy CSPM platform.

Solution

• By adopting an agentless solution, Artisan avoided hiring a dedicated security team and freed up their developers’ time while still maintaining a strong security posture.

• Artisan streamlined compliance management for SOC and HIPAA with Wiz to ensure they’re meeting regulatory needs and ensure patient data is safe.

• With Wiz, the development team receives consolidated and targeted vulnerability alerts, so they can directly address issues and securely deploy new features faster.

Protecting invaluable patient data while building a secure development process

Artisan partners with medical practices in the fertility industry to simplify patient care. Its Artisan EMR Solution stores sensitive patient data such as medical history, lab tests, and treatment plans. When Artisan started, it was the only cloud-based infertility electronic medical record system, and that was a powerful incentive to attract new business. “We've become a hub by virtue of being cloud-based, and we've been able to work with other vendors who want to reach our customers,” says Artisan President and CEO Alex Steinleitner.

While the cloud helped fuel Artisan’s growth, it also introduced new challenges. “As we moved to the cloud, things became more spread out amongst vendors, and we started using more software and digital tools to communicate,” shares Steinleitner. “We learned what it means to broaden the attack surface, and that there are a lot of bad guys out there who are going to try to attack our systems at all costs.”

Artisan knew they didn’t just need to protect its internal data. Patients must be able to trust that their personal and financial information will be secure and accessible 24/7. “If the system was down for any reason, we'd have thousands of patients who could have treatments interrupted,” says Steinleitner. “They depend on daily access to the information they trust us with. In some cases, these are people going through expensive, life-changing treatments. Downtime because of a security breach would be catastrophic.”

To protect both sensitive patient data and their own systems, Artisan adopted a CSPM solution, but using it effectively was impossible. The team was overwhelmed by the system’s alerts, and to avoid hiring dedicated security professionals, they were wasting valuable development time wading through notifications. Artisan replaced the platform with Wiz to simplify their security management and keep focused on improving the customer experience.

I'm a doctor, I take care of people, I was trained in preventative medicine. Wiz is like preventative medicine for us.

Alex Steinleitner

President & CEO, Artisan

Designing a security-focused company without a dedicated security team

Artisan’s team of 15 developers is also responsible for managing the company’s security posture. One of their most important roles is to quickly design and deploy new features for their customers, but without a dedicated security team for support, they have to take additional steps to maintain a secure environment. In other words, they needed a CSPM platform that was efficient and easy to use.

Ultimately, Artisan chose Wiz because it provided fewer, more actionable alerts and full visibility into the organization’s infrastructure. Rather than receiving up to 500 alerts for every real vulnerability, Wiz allows Artisan to see their full cloud environment and understand exactly what their vulnerabilities are. 

Automated risk assessment also gives Artisan's team the ability to prioritize the most critical risks. "The Wiz dashboard shows us critical threats by order of high, medium, and low danger in a way that is very easy to understand," says Matthew Mazzariello, Development Manager at Artisan. 

Wiz also reports on any issues with new packages before they’re released into production and gives the team suggestions for best practices and insights into how they can deploy more securely. Automated detection also means the Artisan team is freed from manually reviewing new packages and can instead focus on innovating to support their customers.

With our old platform, we were getting thousands of alerts for every one problem that we’d solve. Wiz allows us to understand vulnerabilities much more efficiently. Now, we can concentrate our efforts on problems rather than simply identifying them.

Alex Steinleitner

President & CEO, Artisan

Automating compliance management to build patient trust

Protecting customer data is a priority for any organization, but in healthcare, compliance is non-negotiable. Compliance for Artisan also goes well beyond safeguarding the business, it’s about protecting their customers’ privacy. When Log4shell hit, Artisan was inundated with calls from customers about whether it was prepared. “If we had a breach, we might as well have turned off the lights,” says Steinleitner. “We were able to run a Wiz scan, see in fact that our entire system was fine, we were safe and secure, and we were able to report that to our customers.”

On their previous CSPM platform, maintaining regulatory compliance with SOC and HIPAA standards was an active, manual process. With Wiz, Artisan has been able to automate compliance assessments to continuously monitor their adherence to industry compliance frameworks. Now, during weekly development team meetings, the team can use their security dashboard to highlight any critical issues that may need to be addressed with senior leadership.

When you’re operating a cloud-based solution with sensitive data, security is paramount—it’s your duty to protect your customer's data. If you don't have layers of security measures in place, you're not going to be at the table very long. We need to be ahead of the curve and working with Wiz has helped us to do that.

Matthew Mazzariello

Development Manager, Artisan

Improved security and compliance adherence has also helped Artisan expand the business. An international fund purchasing the company asked a lot of questions about Artisan’s software structure during the due diligence process. “Security was clearly an issue,” says Steinleitner. “But we were simply able to print reports from the relevant parts of Wiz and show that we had no outstanding major vulnerabilities. The consultants were able to view our Wiz profile and see that we were very compliant, and they didn't have security concerns.”

Adopting a secure-by-design approach across the company

As a company with a technology-driven mission, Artisan was quick to embrace the cloud and develop new capabilities and expose APIs so providers could better serve their patients. This has also led the company to quickly adopt and prioritize cloud security as it grows. It’s become increasingly important for Artisan to make security a core part of any development and business growth conversations.

When our developers are starting to build something, we really need them to start thinking of security right away. Because these cloud solutions can be accessed from anywhere, we really have to be mindful of that when we’re developing.

Matthew Mazzariello

Development Manager, Artisan

With Wiz, Artisan found a solution for a non-dedicated security team. Wiz is helping that team understand their vulnerabilities and focus on simplifying fertility management for care facilities and patients everywhere. “As the CEO, I can say this much: Wiz helps me sleep at night,” shares Steinleitner.