R1 RCM Advances API Security Program with APIsec

R1 RCM is committed to a best-in-class security program that provides the business with the agility to deliver value while minimizing risks. With APIsec as the cornerstone of their program, R1 RCM has achieved pre-production, automated, and continuous API testing, ensuring comprehensive API protection.
Published: September 11, 2024
Read Time: 5 minutes

The Business Impact:

1500 API Endpoints, 25,000 Tests

Built proactive security program in 180 days

Always on, 90 Day SLA on Critical Vulnerabilities

Cecil Pineda

CISO

"APIsec's pre-production, automated, and continuous API testing solution has become a critical component of R1’s security strategy, ensuring comprehensive API protection. APIsec delivered exactly what we needed; an API security solution that was pretty hands off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production."

About R1 RCM

Company: R1
Founded: by Mary Ann Tolan and J. Michael Cline in July 2003, headquartered in Murray, UT
Industry: Healthcare
Recognitions:

  • 11-time Best in KLAS winner (healthcare technology awards)
  • Great Place to Work® Certified™ USA
  • 2023–2024 Leader in LGBTQ+ Workplace Equality by the Human Rights Campaign Foundation

R1 RCM Inc. makes healthcare work better for providers and patients. R1 solutions help healthcare providers manage costs, increase revenue and streamline operations so they can deliver the quality care and empowered experience that patients deserve, today and tomorrow.

Business Challenges

As R1 continues to support and grow its healthcare customers, technology innovation is at the center of the strategy. As the technology footprint expands, the attack surface expands and risks increase. A Software and Data Security strategy that embraces API-specific security solutions is critical to providing the business with the agility to deliver value while minimizing risks.

Key Requirements

  • Shift left: find issues as early in the SDLC as possible
  • Validate security controls in production
  • Automate as much as possible

Solution

After a competitive POC review of multiple API security solutions, R1 chose APIsec for its ability to deliver continuous, automated API vulnerability scanning to every code release.

Features of APIsec:

  • Simple operation (like a DAST) of complex API penetration test including logic and data access
  • Easy integration into existing SDLC solutions including API gateway and ticketing systems
  • Automated, comprehensive API security testing during development

Comprehensive Coverage

“Comprehensive API security testing can be a big challenge. Our primary focus with APIsec has been the thorough nature of the way the scans are executed. We are now confident in the range, depth, and cadence of the API security testing. The ability to do proactive, continuous scanning of our APIs offers a much more comprehensive approach to API security. APIsec is always checking our APIs, finding vulnerabilities, and the level of detail is amazing.” ~ Cecil Pineda

Streamlined Testing Model

“APIsec's pre-production, automated, and continuous API testing solution has become a critical component of R1’s security strategy, ensuring comprehensive API protection. APIsec delivered exactly what we needed; an API security solution that was pretty hands off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production. The solution effectively monitors all R1’s APIs, providing real-time updates on risks and issues, which are crucial for maintaining platform security.” ~ Cecil Pineda

Speed to Value

“APIsec was able to get us ramped from ground zero where we were able to rapidly onboard our APIs with no agents and no code insertion, analyze our APIs, and dynamically generate test cases, and utilize techniques of attack playbooks. Through the integration process, the APIsec team was working alongside us, making it simple and seamless. It's been incredible to see significant progress against our API security in such a short amount of time.” ~ Cecil Pineda

Future Focus: Sustaining API Security Excellence

Looking ahead, R1 sees their API security program as a cornerstone of their Software and Data Security strategy. The company plans to:

  • Expand Testing Coverage: Continue broadening the scope of API security tests to cover new functionalities and services as they evolve.
  • Enhance Automation: Increase automation within their security processes to reduce manual intervention and accelerate response times.
  • Regular Training: Invest in ongoing training for their development and security teams to keep them updated with the latest security practices and threats.
  • Collaborate with APIsec: Strengthen their partnership with APIsec to leverage new features and updates that enhance their security posture.

By focusing on these areas, R1 aims to stay ahead of potential threats and ensure robust protection of their sensitive data, reinforcing their commitment to security and customer trust.

Conclusion

“R1 significantly enhanced its API security testing capabilities, ensuring comprehensive coverage and real-time risk management. This collaboration led to efficient deployment and quick time to value, proving the effectiveness of proactive and continuous API security measures in protecting sensitive data in a highly regulated healthcare industry. What sets APIsec apart is not just the impressive features, but also their incredibly responsive team that works at rapid speed. APIsec has simplified API security for us.” ~ Cecil Pineda, CISO, R1 RCM
