SOURCE: Wave Systems Corp.

Wave Systems Corp.

February 09, 2011 08:25 ET

Saint Barnabas Health Care System Selects Wave to Protect Personal Health Information on Laptops

New Jersey's Largest Health Delivery System Standardizes on Wave Software for Managing Its Fleet of Self-Encrypting Hard Drives on Laptops Used by Medical Personnel and Executives

LEE, MA--(Marketwire - February 9, 2011) - Wave Systems Corp. (NASDAQ: WAVX) (www.wave.com) today announced that Saint Barnabas Health Care System deployed self-encrypting drives (SEDs) managed by Wave's EMBASSY® software to protect personal health information (PHI) stored on 700 laptops used by doctors, nurses, administrators and executives in 25 facilities. Saint Barnabas had been using software encryption for years to comply with health care regulations and meet patient needs, but chose to upgrade to self-encrypting drives for stronger security and faster deployment times -- 24 hours faster on average per user.

"Patient trust is critical to all of us at Saint Barnabas," commented Hussein Syed, Saint Barnabas' Director of IT Security, whose responsibility encompasses all endpoint and network security. "We take patient and employee data confidentiality seriously, which is why we took steps to ensure it is protected at all times."

"Now should a breach happen," Syed continued, "first and foremost, there is the impact on our patients. Beyond that it would impact our credibility, especially if there were repeated occurrences."

Saint Barnabas is New Jersey's largest integrated health care delivery system, employing 19,000, including 4,600 physicians and operating six acute care facilities, nursing homes and outpatient centers that provide radiology and dialysis. Prominent names within the system include Newark Beth Israel Medical Center, Monmouth Medical Center in Long Branch and Saint Barnabas Medical Center in Livingston.

As part of delivering superior care, medical personnel routinely collect and handle sensitive patient data, including lab results, clinical data, patient medical histories and prescription usage. This information is often gathered bedside or in the ER, where laptops are brought in via mobile units. Administrators also use Patient Health Information (PHI) for "patient modeling," to develop better procedures and protocols for assuring that all patients in the Saint Barnabas system receive a high level of care. Laptops in use throughout the system all require encryption to safeguard patient privacy and stay in compliance with health regulations including the Health Insurance Portability and Accountability Act (HIPAA) and last year's Health Information Technology for Economic and Clinical Health (HITECH) Act.

Under HITECH, affected patients would have to be notified by a letter outlining the circumstances of the data breach, what information was compromised and the steps taken toward remediation. There would be a financial impact too, Syed noted, with the health system liable for legal costs and the expense of credit monitoring services for affected patients. Those costs can run several hundred dollars per affected individual, he said.

To mitigate the chance of PHI falling into the wrong hands Saint Barnabas was an early software full disk encryption (FDE) adopter.

"It did the job, but software encryption was slowing the performance of the machine, which had a measurably negative effect on productivity," Syed said. "It could take up to thirty minutes to boot up a PC with software encryption. Now boot up time is negligible."

To handle the encryption installations, drop off locations were designated at Saint Barnabas' facilities, where users were required to make an appointment. During the 24 to 36 hours required for the software to be installed and the contents of the drive encrypted, employees had to be issued a suitable loaner or had to go without. Remote users were required to initiate a remote desktop session via VPN and leave their PCs for the same period of time, periodically rebooting.

The dissatisfaction with software-FDE had Syed and his team looking for alternatives. A liaison at Dell introduced him to self-encrypting drives (SEDs). After conducting internal tests, Syed opted to implement Wave-managed SEDs for all laptops within the Saint Barnabas network. As laptops are "refreshed," all come pre-configured from the factory with an SED and Wave software as part of the standard configuration. Now with hundreds of PCs equipped with Wave-managed SEDs already deployed, Syed said installations have gone "seamlessly," averaging only 20-30 minutes per user, accounting for the time needed to set a password, integrate with Active Directory and to set security policies. After set up, most users "don't even know the drive is encrypted."

Remote Administration, Detailed Event Logs Part of the Value Wave Brings
Wave's Trusted Drive Manager client software enables pre-boot authentication, the enrollment of drive administrators and users, and the ability to backup drive credentials. For centralized IT management of the self-encrypting drives, Wave's EMBASSY® Remote Administration Server (ERAS) enables IT managers to remotely turn on each drive in seconds and to provide detailed event logs for compliance assertions to prove that the security settings were in place if a loss or theft occurs.

About Wave Systems Corp.
Wave provides software to help solve critical enterprise PC security challenges such as strong authentication, data protection, network access control and the management of these enterprise functions. Wave is a pioneer in hardware-based PC security and a founding member of the Trusted Computing Group (TCG), a consortium of more than 100 companies that forged open standards for hardware security. Wave's EMBASSY® line of client- and server-side software leverages and manages the security functions of the TCG's industry standard hardware security chip, the Trusted Platform Module (TPM) and supports the TCG's "Opal" self-encrypting drive standard. Self-encrypting drives are a growing segment of the data protection market, offering increased security and better performance than many existing software-based encryption solutions. TPMs are included on an estimated 300 million PCs and are standard equipment on many enterprise-class PCs shipping today. Using TPMs and Wave software, enterprises can substantially and cost-effectively strengthen their current security solutions. For more information about Wave and its solutions, visit http://www.wave.com.

Safe Harbor for Forward-Looking Statements
This press release may contain forward-looking information within the meaning of the Private Securities Litigation Reform Act of 1995 and Section 21E of the Securities Exchange Act of 1934, as amended (the Exchange Act), including all statements that are not statements of historical fact regarding the intent, belief or current expectations of the company, its directors or its officers with respect to, among other things: (i) the company's financing plans; (ii) trends affecting the company's financial condition or results of operations; (iii) the company's growth strategy and operating strategy; and (iv) the declaration and payment of dividends. The words "may," "would," "will," "expect," "estimate," "anticipate," "believe," "intend" and similar expressions and variations thereof are intended to identify forward-looking statements. Investors are cautioned that any such forward-looking statements are not guarantees of future performance and involve risks and uncertainties, many of which are beyond the company's ability to control, and that actual results may differ materially from those projected in the forward-looking statements as a result of various factors. Wave assumes no duty to and does not undertake to update forward-looking statements.

All brands are the property of their respective owners.

Contact Information