Regional Hospital Use Case
SCRUBBING IN WITH SECURITY LEADERSHIP
GMI partners with a 300-bed, regional hospital to aid their cybersecurity efforts. With CISO as a Service, GMI assists them in protecting the data of 1,600 employees, more than 325 practitioners, and all of the hospital's patients.
Security programs need an experienced and dedicated leader. However, retaining quality, full-time security leadership can be a daunting challenge. Fortunately, we have the ability to embed part-time, consultative security leadership within your environment to lead an organization’s cybersecurity program, or simply assist the existing CISO.
Our leaders leverage deep know-how to help assess and manage cybersecurity risk, lead incident response efforts, identify vulnerabilities, and prioritize responses to continually optimize the security program. Common focus areas include program build and management, Board-level coalition building, policy and standards development, and maturation of various programs: compliance, governance, security awareness, security metrics, goals, and more.
Assessment and Management of Risk
Initially, GMI assessed the security of the organization and measured it against an industry-adopted cybersecurity framework. This identified areas for improvement and created a baseline for future assessments. From those assessments, we were able to perform a risk assessment that provided quantitative insight for executive members within the hospital. This information resulted in modifications of the cybersecurity insurance policy.
Vulnerability Identification and Prioritization
Establishing a systematic, realistic vulnerability and patch management program is often difficult. GMI improved the vulnerability program, defining asset groups, establishing service level agreements, and defining a repeatable reporting framework. With an understanding of the environment, compensating controls, and impact to applications, GMI worked with hospital engineers to prioritize the patching and remediation of known vulnerabilities. Within four weeks of rollout, the hospital saw a 98% reduction in critical and high vulnerabilities, with an 80% reduction of total vulnerabilities, in core infrastructure and critical applications. With the systematic approach to the vulnerability and patch management program, the same results are being seen system-wide, including within the desktop and medical device environments.
Incident Response Leadership
Like many healthcare organizations, this hospital was targeted by email phishing campaigns. GMI worked closely with the IT department to respond to these incidents, tighten security configurations, and help inform end users of ongoing threats. Following attacks, after-action reports were developed and lessons learned applied to mitigate future attacks.
The hospital had remnants of a security program from previous management. The program had good elements, but was applicable to that point in time. Security programs require constant tuning and optimization to ensure the safeguards are appropriate to the current threat landscape and technologies used within the organization. GMI worked side by side with compliance officers to update all security policies to ensure they were in alignment with HIPAA and the direction of the hospital. As many programs require phases and time to mature, GMI and the organization’s engineers set project goals to enhance the programs month to month.
TRUSTED HEALTHCARE SECURITY ALLY
With deep roots in security services, we are a trusted ally for your cybersecurity needs. Our customer-centric approach and healthcare expertise make us adept at finding solutions that best address your unique security challenges. The result? A more pure security aligned to the needs of your organization.