Protiviti’s Healthcare Technical Security Assessment Solutions

Protiviti Healthcare Technical Security Assessment Solutions
Protiviti’s Healthcare Technical Security Assessment Solutions

Criminal cyber attacks utilizing ransomware, phishing, malware and other nefarious exploits are one of the most impactful issues affecting the healthcare industry. The reality for many organizations is that lives could be at stake. Protiviti brings deep industry knowledge and skills, including dedicated state-of-the-art cybersecurity labs, to help healthcare organizations move well beyond policy, procedure and process reviews in order to gain valuable insights into their ability to detect and protect against cyber threats.


Technical Security Assessments to Protect Data

The number of reported breaches in healthcare has risen significantly over the past few years and many expect that healthcare will continue to be an area of focus by attackers, given the data-rich environments and relative ease of exploitation. The scope of these complex healthcare system and network environments and the potential impact to patient care resulting from changes are often barriers to healthcare organizations, stopping them from rapidly deploying new security technologies and configurations to protect against the ever-changing threat landscape. Periodic technical security assessments and testing through vulnerability assessments, penetration testing, red/purple teaming, etc., are the answers that award-winning healthcare IT and security departments are utilizing to gain an understanding of where their assets, systems and networks may be vulnerable to compromise, prior to attackers utilizing the same vulnerabilities to breach the organization. The use of technical security assessments allows organizations to identify how well preventive and detective controls are functioning across the wide footprint of healthcare technical environments by using techniques similar to those of the unscrupulous parties that seek to gain access and breach your organization’s sensitive information, including ePHI data-rich resources such as electronic health records.

How Protiviti Can Help You

As a trusted business adviser, Protiviti has helped numerous healthcare organizations identify risks and develop and implement mitigation strategies through the execution of technical security assessments. Protiviti’s flexible methodology and subject-matter expertise in both the healthcare industry and cybersecurity services allow us to execute meaningful assessments that provide excellent value to our customers. Protiviti understands the complexities of healthcare organizations. We leverage our deep industry expertise while developing remediation strategies to focus on both securing sensitive systems and data and enabling the ability to provide care. Our experts think — literally — like hackers in order to help you keep them out.

Our Key Healthcare Technical Security Assessment Solutions

Penetration Testing
Conduct internal/external/wireless network and application penetration tests to help organizations identify security weaknesses which may risk the confidentiality, integrity or availability of critical systems and data.
Vulnerability Assessments
Perform automated scans of networks and systems to identify misconfigurations and weaknesses which may allow an attacker to gain unauthorized access to systems or data.
Social Engineering
Emulate real-world social engineering tactics, such as phishing emails, telephone calls and physical security bypasses, to detect awareness and policy weaknesses which may be exploited by malicious outside parties.
Network Architecture/ Configuration Review
Review network architecture documentation and perform technical configuration reviews to determine if networks, firewalls and systems are designed effectively to prevent unauthorized access and data leakage.
IT Security Awareness Training
Launch organizationwide awareness training campaigns to increase user knowledge of expected practices and their role in protecting systems and data. Perform periodic phishing campaigns with in-line training videos to continually test user awareness and provide continuing education.
Data Exfiltration/Leakage Assessment
Evaluate network traffic and firewall rules to determine if users with access to the network are able to remove, either purposefully or unintentionally, sensitive data from the network using either common file sharing tools or sophisticated exfiltration techniques.
Red/Purple Team Assessment
Execute targeted and coordinated security testing with specific, predetermined objectives. Utilize known hacker tactics, techniques and procedures (TTPs) to determine if network security teams can identify and stop ongoing attacks and network breaches.
Breach Detection/Incident Response Forensics
Review environment for signs of a current or historical breach through assessment of network activity logs, system processes and startup items, account activity, historical security tool alerts, and forensic capture of suspected compromised systems.
Security Risk Analysis
Assess an organization’s security environment to determine key risks that may be posed to its sensitive information through the identification of the information scope, key threats and vulnerabilities; review of the security controls; and resulting likelihood, impact and final risk rating determinations in accordance with HIPAA requirements, NIST guidance, etc.

Contacts

Richard Williams
Managing Director
Global Healthcare Industry Lead
Dallas, Texas
+1.214.395.1662
[email protected]
Matt Jackson
Managing Director
Healthcare IT Solutions Lead
Dallas, Texas
+1.214.284.3588
[email protected]
 

Ready to work with us?

Richard Williams
Richard Williams
Managing Director
+1.469.374.2469
Linked
Matthew Jackson
Matthew Jackson
Managing Director
+1 469.374.2479
Linked