Protiviti’s Healthcare Technical Security Assessment Solutions

Criminal cyber attacks utilising ransomware, phishing, malware and other nefarious exploits are one of the most impactful issues affecting the healthcare industry. The reality for many organisations is that lives could be at stake. Protiviti brings deep industry knowledge and skills, including dedicated state-of-the-art cybersecurity labs, to help healthcare organisations move well beyond policy, procedure and process reviews in order to gain valuable insights into their ability to detect and protect against cyber threats.

Technical Security Assessments to Protect Data

The number of reported breaches in healthcare has risen significantly over the past few years and many expect that healthcare will continue to be an area of focus by attackers, given the data-rich environments and relative ease of exploitation. The scope of these complex healthcare system and network environments and the potential impact to patient care resulting from changes are often barriers to healthcare organisations, stopping them from rapidly deploying new security technologies and configurations to protect against the ever-changing threat landscape. Periodic technical security assessments and testing through vulnerability assessments, penetration testing, red/purple teaming, etc., are the answers that award-winning healthcare IT and security departments are utilising to gain an understanding of where their assets, systems and networks may be vulnerable to compromise, prior to attackers utilising the same vulnerabilities to breach the organisation. The use of technical security assessments allows organisations to identify how well preventive and detective controls are functioning across the wide footprint of healthcare technical environments by using techniques similar to those of the unscrupulous parties that seek to gain access and breach your organisation’s sensitive information, including ePHI data-rich resources such as electronic health records.

How Protiviti Can Help You

As a trusted business adviser, Protiviti has helped numerous healthcare organisations identify risks and develop and implement mitigation strategies through the execution of technical security assessments. Protiviti’s flexible methodology and subject-matter expertise in both the healthcare industry and cybersecurity services allow us to execute meaningful assessments that provide excellent value to our customers. Protiviti understands the complexities of healthcare organisations. We leverage our deep industry expertise while developing remediation strategies to focus on both securing sensitive systems and data and enabling the ability to provide care. Our experts think — literally — like hackers in order to help you keep them out.

Our Key Healthcare Technical Security Assessment Solutions

Penetration Testing
Conduct internal/external/wireless network and application penetration tests to help organisations identify security weaknesses which may risk the confidentiality, integrity or availability of critical systems and data.
Vulnerability Assessments
Perform automated scans of networks and systems to identify misconfigurations and weaknesses which may allow an attacker to gain unauthorised access to systems or data.
Social Engineering
Emulate real-world social engineering tactics, such as phishing emails, telephone calls and physical security bypasses, to detect awareness and policy weaknesses which may be exploited by malicious outside parties.
Network Architecture/Configuration Review
Review network architecture documentation and perform technical configuration reviews to determine if networks, firewalls and systems are designed effectively to prevent unauthorised access and data leakage.
IT Security Awareness Training
Launch organisation-wide awareness training campaigns to increase user knowledge of expected practices and their role in protecting systems and data. Perform periodic phishing campaigns with in-line training videos to continually test user awareness and provide continuing education.
Data Exfiltration/Leakage Assessment
Evaluate network traffic and firewall rules to determine if users with access to the network are able to remove, either purposefully or unintentionally, sensitive data from the network using either common file sharing tools or sophisticated exfiltration techniques.
Red/Purple Team Assessment
Execute targeted and coordinated security testing with specific, predetermined objectives. Utilise known hacker tactics, techniques and procedures (TTPs) to determine if network security teams can identify and stop ongoing attacks and network breaches.
Breach Detection/Incident Response Forensics
Review environment for signs of a current or historical breach through assessment of network activity logs, system processes and startup items, account activity, historical security tool alerts, and forensic capture of suspected compromised systems.
Security Risk Analysis
Assess an organisation’s security environment to determine key risks that may be posed to its sensitive information through the identification of the information scope, key threats and vulnerabilities; review of the security controls; and resulting likelihood, impact and final risk rating determinations in accordance with HIPAA requirements, NIST guidance, etc.