Customer story

How Option Care Health caught missed lookalikes and reclaimed analyst time

Option Care HealthHealthcare

After a decade of monitoring domains with commercial tools and fuzzy matching, Option Care Health made Have I Been Squatted its primary platform, caught registrations its old stack had missed, and gave analysts back about four hours a week.

How Option Care Health caught missed lookalikes and reclaimed analyst time

Option Care Health (NASDAQ: OPCH) is the U.S.'s largest independent provider of home and alternate site infusion services, drawing on more than 40 years of clinical experience and a national network of clinicians, full-service pharmacies, and ambulatory infusion suites across the United States. Protecting patients and the brand from typosquatting, phishing, and impersonation has been part of its security program for years.

3+

Missed domains caught

4 hrs/wk

Analyst time saved

10+

Top-level domains monitored

A convincing lookalike domain can become a route to phishing patients, referral sources, or staff. Domain and brand protection has therefore been a standing part of Option Care Health's security program. For more than ten years, the team has monitored domain registrations using a mix of commercial tools, fuzzy matching, and threat intelligence shared across industry groups.

Over the past six months, Have I Been Squatted has taken over as the team's primary domain monitoring platform, and it quickly became one of the tools analysts reach for most in day-to-day external threat work.

Portfolio coverage and evaluation results#

The team monitors more than 10 top-level domains (TLDs) across 20 to 30 corporate domains and brands. During the evaluation, and in the months since, Have I Been Squatted surfaced at least three suspicious registrations that the previous tools and fuzzy-search methods had never flagged.

Finding these missed registrations alone justified the investment.

Kevin Hendriksen, Information Security Analyst

Reducing manual review#

The bigger day-to-day win has been less manual work. Custom rules, certgrep, and targeted monitoring cut the time spent sifting through domain registrations and chasing potential threats by roughly four analyst hours a week.

More importantly, those hours are now focused on higher-confidence findings rather than manually sorting through large volumes of potential false positives.

Analyze in investigations#

The Analyze tool has also worked its way into the team's investigations. Analysts use it to pull domain intelligence quickly and size up suspicious infrastructure in the middle of a phishing or impersonation case.

It has helped the team get ahead of risk, too. Registrations on TLDs such as .support and .tech, the kind that lend themselves to help desk impersonation or credential harvesting against patients and staff, have been caught and handled before anyone could use them.

Detection before takedowns#

Detection and investigation have paid off, giving Option Care Health a clearer read on its external domain exposure than it could hold consistently with its earlier stack.

Support from the Have I Been Squatted team#

Tooling was only part of the decision. Vendor response mattered as well, both during the evaluation and in daily use. The team wanted a partner that would answer configuration questions without delay, act on feedback, and understand the constraints a security team works under when it monitors external infrastructure at scale.

The support has been equally impressive. Questions are answered quickly, feedback is welcomed, and the team clearly understands the real-world challenges security practitioners face.

Domain Protection

Protect your brand from typosquatting.

Join security teams using Have I Been Squatted to monitor malicious domains, phishing infrastructure, and brand impersonation across the open web.