Fortuna Cysec helps Healthcare Organization protect sensitive patient health information through robust cybersecurity measures

Healthcare is the most targeted vertical by hackers.

Working with the acute care facility’s IT security team Fortuna Cysec was able to assess the implemented solutions, find gaps in the implementations, bring best practices and discuss with the team.

Using TheFense product was able to implement a single platform integrating with their existing systems bringing all of the data from various security systems. In addition, deployed. Asset Management system which operated as a primary source of truth for all security systems. Network Detection and Response (NDR)

Threat Landscape in Healthcare - Healthcare is the most targeted vertical by hackers.

Security Incidents and breaches threaten patient health information, medical devices, and critical systems.

Protecting information and infrastructure is paramount for patient safety.

The average cost of a breach for a healthcare organization is about $10 Million and the organizations are faced with security budget reduction and an increase in cyber insurance premiums Year over Year.

Healthcare organizations are required to continually assess and adapt their cybersecurity measures to address evolving cyber threats and regulatory compliance requirements like HIPAA/HITECH ensuring the confidentiality, integrity, and availability of sensitive data.

A hospital room filled with lots of beds.
Table of Contents

Background

An Acute Care Facility in the Midwest part of US with over 700 physicians and nearly 200 beds; discharges more than 10,000 patients per year. The organization wanted to comply with the regulatory requirements and perform the gaps identified in a recent HIPAA/ HITECH Security Risk Assessment.

In order to effectively implement the HIPAA safeguards and also to safeguard the organization against breaches, the acute care facility has implemented the following security solutions like

  • Endpoint Detection and Response (EDR),
  • Security Information and Event Management (SIEM),
  • Intrusion prevention systems (IPS),
  • Identity access management (IAM),
  • Privileged access management (PAM),
  • Privileged Identity Management (PIM),
  • Data loss prevention (DLP),
  • Mobile Device Management (MDM),
  • Email Security and Cloud Security.
Caption
Protecting information and infrastructure is paramount for patient safety.

HIPAA/HITECH regulations require Healthcare organizations to implement security policies, and systems to keep patient health information safe and to ensure confidentiality, integrity, and availability. It is also required to monitor changes and validate the configurations and associated policies.

"The acute care facility wanted to secure its environment, monitor the network 24x7x365, stop any threats, ensure, and be able to demonstrate HIPAA security implementation specification compliance on demand."

Solution

HIPAA/HITECH regulations require Healthcare organizations to implement security policies, and systems to keep patient health information safe and to ensure confidentiality, integrity, and availability. It is also required to monitor changes and validate the configurations and associated policies.

Several security implementation specifications under HIPAA/HITECH require organizations to implement safeguard measures, to name a few.

  1. §164.308 (a) (5) (ii) (B) - Antivirus and Malware software
  2. §164.308 (a) (1) (ii) (D) - Capture, review, and storage of all logs and events
  3. §164.312 (a) (1) - Unique User Identification
  4. §164.308(a)(3)(ii)(B) - Role-based access to sensitive information
  5. §164.308 (a) (5) (ii) - Monitoring for unauthorized access, failed login attempts, password policy
  6. §164.312(a)(2)(iv) - Encryption of data at rest and in motion
  7. §164.310(d)(1) - List of all assets with location and data storage
  8. § 164.312(b)- Limiting use of the internet and downloading of software
  9. § 164.308(a)(7) - Conducting tabletop exercises.
  10. § 164.316(b) - Evidence of following the security policies

Working with the acute care facility’s IT security team Fortuna Cysec was able to assess the implemented solutions, find gaps in the implementations, bring best practices and discuss with the team.

Using TheFense product was able to implement a single platform integrating with their existing systems bringing all of the data from various security systems. In addition, deployed  Asset Management system which operated as a primary source of truth for all security systems.Network Detection and Response (NDR).

TheFense system was able to streamline all the events and alerts from various systems and perform Alert Correlation and Alert Prioritization. In addition to implementing TheFense platform, Fortuna Cysec added the 24x7x365 Manage and Detect Services from its SOC2 Type2 compliant and redundant Security Operation Center (SOC).

Current Status

Fortuna Cysec was not only able to ensure HIPAA/ HITECH regulatory compliance by closing the gaps in the corrective action plan, but it was also able to manage the systems, configure the industry best practices & security policies of the organization, and monitor the events and alerts 24x7x365.

Fortuna Cysec now maintains on an ongoing basis the systems and blocks new threats by ingesting threat intelligence, hunting for threats, and performing faster threat detection and response with effective incident management.

Fortuna Cysec was able to reduce the operational budget by 40% providing more coverage and performing all the SOC activities 24x7x365.

TheFense platform which is a managed platform with 24X7X365 Managed Detection and Response provides the acute care facility with one single platform with the security tools that form a cohesive, interconnected, interactive, configurable, dynamic cybersecurity platform with various modules and also eliminates the need for extensive and skilled in-house resources. This helps protect sensitive data from cyber threats and reduces the costs of purchasing various security tools. Also, it is able to clearly demonstrate compliance with HIPAA/HITECH and cyber insurance requirements.

A close up of an orange object on a black background.
Fortuna Cysec is Built to Operate in Your Industry

Focus on your sector-specific business goals, while we handle data protection and compliance

Fortuna Cysec helps Healthcare Organization protect sensitive patient health information through robust cybersecurity measures

Guard against cyber threats and adapt to evolving regulations like HIPAA/HITECH, all while reducing operational costs and insurance premiums

Read USe case

Keep Customer’s Sensitive Data Safe With Ever-Evolving Threats

Guard against cyber threats and adapt to evolving regulations like GLBA, all while reducing operational costs and insurance premiums

(Coming Soon)

Ensure Compliance & Security All On One Platform - The Fense

Guard against cyber threats and adapt to evolving regulations like NAIC and State regulations, all while reducing operational costs and insurance premiums

(Coming Soon)

Check Our Case Studies

Healthcare
Managed Security Services

Fortuna Cysec helps Extended Care Facility increase its security and privacy posture

Background

A Lifespan community in South East US with more than 800 residents in its various facilities which include Independent Living (IL), Assisted Living (AL), Skilled Nursing home (SNF) and Memory Care.

The organization wanted to increase its security and privacy Posture and wanted to implement the following solutions

  • Endpoint Detection and Response (EDR),
  • Security Information and Event Management (SIEM),
  • Intrusion prevention systems (IPS)
  • Identity access management (IAM),
  • Network Detection and Response (NDR)

The organization had 3 full-time staff in the IT department and did not have the required skills to implement or manage the security solutions on a 24x7x365 basis.

Protecting information and infrastructure is paramount for patient safety.

However, it was not easy for the organization's IT security team to manage and monitor the environments both on-premise and cloud effectively. They had to dive into different solutions without a single pane of glass, assets were not uniform across all of the systems, lots of events and alerts were generated from various systems, and there was no correlation of Alerts, no prioritization of the alerts, limited staff in the security team and staff retention was an issue.

The organization had 3 full-time staff in the IT department and did not have the required skills to implement or manage the security solutions on a 24x7x365 basis.

Solution

Fortuna Cysec with its team of experienced security analysts was able to do a security assessment as part of the requirements gathering to understand the organization and their needs. During this process interviewed the clinical and business staff on their day-to-day activities as it is a 24x7x365 operational medical facility to make sure the systems are configured effectively.

Fortuna Cysec implemented TheFense platform which is a managed platform with 24X7X365 Managed Detection and Response provides the facility with one single platform with the security tools that form a cohesive, interconnected, interactive, configurable, dynamic cybersecurity platform with various modules and also eliminates the need for extensive and skilled in-house resources.

TheFense platform was implemented with the following modules

  • Endpoint Detection and Response (EDR), 
  • Security Information and Event Management (SIEM), 
  • Intrusion prevention systems (IPS) 
  • Identity access management (IAM), 
  • Network Detection and Response (NDR)
  • Asset Management

The entire solution is managed and monitored 24x7x365 by Fortuna Cysec Security Operation Center which is SOC2 Type2 compliant.

Current Status

Fortuna Cysec now maintains on an ongoing basis the life span community’s systems and blocks new threats by ingesting threat intelligence, performing threat hunting activities, and performing faster threat detection and response with effective incident management. It is now one of the communities with a cutting-edge security platform. The community is also able to ensure HIPAA/ HITECH regulatory compliance.

Navin Balakrishnaraja
April 23, 2024
5 min read