Cybersecurity Risk Management
Health eGuard is a comprehensive, integrated, outsourced cybersecurity solution that enables healthcare organizations to integrate the diverse range of needed cyber security analytical services and technologies into a predictable, fixed monthly cost that is easy to forecast and budget, as well as easy to manage. Health eGuard is a more cost-effective way to procure the unique expertise needed for cyber security management through an operationally integrated annual services contract.
Health eGuard also expands the traditional asset hardening or "prepare" phase into a three-phase "prepare | protect | respond" web services-based architecture designed to mitigate most financial risk associated with a security breach. Health eGuard provides a framework enabling our clients to outsource the management of cyber security to a partner with the resources and expertise necessary to "prepare" a healthcare organization to meet the regulatory compliance and standard business practices required to maximize the level of protection of digital information - AND - effectively and rapidly "respond" to a security breach incident, should one occur, all from a single managed security services partner, Health eGuard!
What is Health eGuard?
Health eGuard is a suite of services and technologies specifically designed to improve the security profile and readiness of a healthcare organization by integrating audits and remediation with 24/7 monitoring and incident response. For an annual cost similar to a full-time staff of two professionals, Health eGuard provides access to an entire team of cyber security professionals, tools and technology previously beyond the financial resources of most organizations. A comparison of Health eGuard to traditional cyber security practices and methods is presented.
| Problem: | Non-existent or immature cyber security framework |
| Synopsis: | Cyber security is an ongoing, adaptive process requiring diligence and constant management. Vulnerabilities exist or are introduced into a system through improper configuration, software bugs, or other human error such as connection of an “unhardened” device. Many organizations have not adequately funded the development of a comprehensive framework and cannot recruit the kind of staff needed to implement and manage such a framework. |
| Currently: | A framework cobbled together from available technology by over-worked staff with conflicting priorities performing manual assessments and testing. Parts of standards and industry recommended practices are selected without understanding the effectiveness of the methods, the risk level of the data, the risk exposure of the information systems or the acceptable risk profile of the enterprise. |
| Health eGuard: | ...imparts a thorough, comprehensive, time-tested cyber security framework onto the organization that is based on clearly defined and integrated processes, standards, and industry best/standard practices with a practical ability to “operationalize” cyber security across the enterprise. NIST, ISO and SANS techniques and standards are blended to ensure compliance with applicable regulatory statutes (e.g. HIPAA, FISMA) as well as to significantly raise the level of security readiness across the enterprise. |

| Problem: | HIPAA has not been enforced and compliance with this and other regulatory statutes is too expensive. |
| Synopsis: | The healthcare industry has already gone through one cycle of cyber security preparedness only to find out that enforcement has been non-existent. The industry is now suffering from cyber security fatigue as well as a misunderstanding of the real-world financial liabilities associated with state breach notification laws and with civil (including class action) and criminal lawsuits. |
| Currently: | Minimize spending on cyber security readiness and wait until a breach occurs. It is believed (incorrectly) that the cost of the HIPAA penalty is insignificant and much less than the cost to increase cybersecurity readiness. |
| Health eGuard: | Regardless of the level of enforcement of HIPAA, the real-world costs to remediate a breach after it has occurred far exceed the cost of any penalty. Remediation, legal and public relations costs are approaching $200 per record lost. Successful class action suits and state breach notification laws have demonstrated real-world financial liabilities approaching several million dollars per breach. Health eGuard provides a much more comprehensive and reliable outsourced solution for both the cyber security “prepare” phase, designed to reduce the probability of a breach, and the “respond” phase, designed to effectively manage the impact of a breach and minimize financial liability through insurance coverage. |

| Problem: | Recruitment and retention of cyber security staff with the necessary experience and training is very difficult. |
| Synopsis: | It is nearly impossible to find cyber security staff with the right training, experience, and credentials suitable for the unique requirements of my information management system in my geographic region. |
| Currently: | Job share with existing network, server, database and application administrators to back-fill and cover cyber security tasks. |
| Health eGuard: | Off-load most cyber security tasks to a team of professionals who can effectively address your cyber security requirements with the right staff at the right time at a cost significantly less than that for a full-time cyber security staff with the requisite experience, training and capabilities. |

| Problem: | Preparing for the significantly increasing risk associated with the use of EHRs and HIEs across the enterprise and protecting electronic protected health information (ePHI) against compromise or attack. |
| Synopsis: | The demands from healthcare consumers, federal and state agencies and healthcare payers for EHRs and HIEs are introducing geometrically increasing complexity and cyber security risk into my enterprise information management system. |
| Currently: | Essentially none. This level of transformation is entirely new to the healthcare industry. It’s too complex anyway so we’ll ignore it for now and deal with it later. |
| Health eGuard: | ...understands the impact of EHRs and HIEs on existing infrastructure, personnel and organizations. A security breach is the quickest way to destroy consumer confidence in the organization’s ability to manage an EHR or HIE implementation. Health eGuard can provide a unique competitive edge by helping your organization harden the underlying assets supporting EHRs and HIEs in order to prepare for the increasing demands that these applications will place on these assets. Health eGuard’s online and trainer-based education programs will ensure that your staff is constantly updated on the latest techniques to protect the organization against a compromise or attack. |

The solution - outsource cyber security management of your business to a partner with the resources and expertise necessary to effectively protect your organization's valuable intellectual property, personally identifiable information (PII) and electronic protected health information (ePHI)!
By outsourcing both the "prepare" and "respond" information security tasks to Health eGuard, the limited resources of your business can be focused on the unique and competitive aspects that you know best.
More information on the engagement process for clients is provided in Managed Security Service.