top of page

Cybersecurity Transformation for HIPAA Compliance for Large Healthcare Organization


cybersecurity transformation for hipaa compliance

Situation

A large healthcare organization with locations across the U.S. needed to ensure HIPAA compliance after suffering a significant data breach. A number of phishing and ransomware attacks had exposed sensitive data and the organization was facing multiple fines. In response to this, the company engaged Strategic Alliance Consulting’s (SAC) principal consultant to assess its vulnerabilities, create a response plan, and guide the organization to HIPAA compliance.


Solution

The principal consultant immediately stepped into the role of a Virtual Chief Information Security Officer (vCISO) for the healthcare organization. During the vulnerability assessment phase, the consultant found a variety of gaps which impacted HIPAA compliance, including:

  • Lack of an internal cybersecurity team and program, including documentation and procedures for response plans.

  • Lack of network segmentation, which meant that their corporate network was exposed to internet traffic.

  • Their Palo Alto firewall systems had not been updated in several years, which exposed their networks to unauthorized access.

Following the vulnerability assessment, the vCISO partnered with executive leadership to create a comprehensive cybersecurity program that addressed the organization’s HIPAA compliance gaps. This included:

  • Redesign of entire information security structure

  • Development of incident response and business continuity plans.

  • Creation of over 80 pieces of documentation for new policies and procedures

  • Creation of network segmentation and access controls, firewall rulesets, and end-point protection

  • Deployment of Managed Detection and Response (MDR) solution

  • Development and implementation of hiring process for full-time information security team


Results

Following the year-long cybersecurity transformation, the healthcare organization was HIPAA compliant and faced no further penalties. The vCISO was successful in implementing a complete overhaul of the organization’s information security, which prevented further successful attacks and ensured its business, technology, and people were prepared for emerging threats.


コメント


bottom of page