The Challenge
The client is a large, religiously-affiliated healthcare system located across multiple locations in the Southeastern United States. We were engaged to review, research, and collaboratively implement a customized Security Transformation Program to establish governance and foundation. The primary challenge of this project was the lack of cybersecurity awareness and infrastructure. Establishing a “Culture of Security” is equally important to providing the level of maturity needed to confront today’s security threats. Everyone must understand information security is the responsibility of the entire workforce and compromises are sometimes needed to protect patients and workforce members.
Our Solution
Understanding the multifaceted needs of this cybersecurity program, the Divurgent team developed four key objectives: build a foundational IS governance program across enterprise; establish an IS awareness program; introduce risk management capabilities; and, define metrics to measure program maturity. The deliverables for this program were as follows:
- Healthcare Governance, Risk & Compliance
- Develop a communication cadence to understand project goals, milestones, and overall progress
- Healthcare Security Program Design
- Implement Information Security Program and provide program leadership
- Healthcare Security Program Acceleration
- Define requirements and timeline to complete 40 security projects within the 33-month project timeline
The Result
The Divurgent Team worked collaboratively with the client to establish not only a cybersecurity environment but also laid the foundation for additional security measures to be implemented. Results from this project include:
- Healthcare Governance Risk & Compliance
- Established CISO office; defined security governance; built a risk management program including Risk Register; performed annual HIPAA Compliance Assessment; and, created medical IT network Risk Manager role.
- Healthcare Security Program Design
- Defined Security Awareness Program; Adopted NIST security framework; developed strategic plan; Developed IR plan & playbook; and, defined security architecture deployment plan healthcare.
- Security Program Acceleration
- Updated 40 System Security Plans and assessed security for 40 medical device types. Also implemented security solutions including data loss prevention; mobile device management; identify & access management; and, endpoint protection platform.
- Perimeter Security, Intrusion Detection & Prevention (IDP)
- 24/7 network traffic monitoring; analysis of network traffic data to support trends; a reduced number of false alerts; coordinated response to intrusion alerts; and, integration of third party to assist in monitoring and remediation efforts.
- Security Information and Event Monitoring (SIEM) Solution
- Selected and implemented SIEM software which gives security professionals both insight to and a track record of the activities within their environment.