Case Study: American Specialty Health achieves continuous security and HIPAA/PCI compliance with QualysGuard (Qualys)

American Specialty Healths IT Risk Immunization Plan

American Specialty Health (ASH), a San Diego–based provider of health benefits and wellness programs serving about 13 million members and operating Healthyroads.com, needed a cost‑effective way to manage software vulnerabilities and misconfigurations while meeting HIPAA and PCI requirements. With a small IT team (five administrators) and no dedicated security staff, ASH required an automated solution to maintain continuous security and demonstrate regulatory compliance across its environment of roughly 110 servers and 600+ desktops.

ASH implemented QualysGuard’s on‑demand vulnerability management to run automated weekly internal and external scans, perform asset discovery and prioritization, and drive remediation and verification. By outsourcing updates and maintenance to the service, ASH reduced administrative burden, streamlined PCI and HIPAA compliance and audits, supported URAC accreditation efforts, and achieved continuous, demonstrable improvements in its security posture.

American Specialty Health

Tina Mitchell

Senior Director of IT Operations and Information Security Officer