24x7x365 e360 Client Technical Support: Call (877) 368-4797 opt 9, or

CASE STUDY

Security Consulting

for Healthcare

Summary

Challenge

Wanting to understand the cyber risk exposure of a publicly facing customer portal, a Premier member health system reached out to Advyz for assistance.

Solution

Conduct a PEN Test to scan and identify vulnerabilities across the portal. Guidance on a Web Application Firewall (WAF) product solution to address near term needs.

The Business Challenge

Our client, a $1.5B health system, operates a health information exchange that allows patients to share their records with community providers to facilitate continuity of care. Wanting to understand the level of risk that a publicly facing portal like this presents to their organization, our client sought the guidance of our Advyz cybersecurity experts.

The Solution

 A publicly facing patient portal presents an opportunity for criminals to infiltrate the client’s systems and access patient data. In order to assess this risk and identify appropriate mitigation strategies, our team proposed conducting a Penetration Test (PEN test) to scan and identify vulnerabilities across the portal.

Based on the quality of our PEN test work and the level of cyber expertise demonstrated by our team, the member asked Advyz for guidance on what they should do in the immediate term. A Web Application Firewall (WAF) was identified as the product solution that would yield the greatest protection / investment ratio.

 

Penetration  Testing

Approach

Advyz’s PEN test consists of red team activities to assess security controls, identify gaps and opportunities for attackers to exploit sensitive data (both proprietary and patient data).

A vulnerability and discovery scan of the client’s patient portal revealed vulnerabilities across the environment. We then conducted extensive manual testing leveraging our bank of test cases developed over the past 20 years.

Result

Advyz delivered to the client a comprehensive report that documented detailed findings, as well as recommendations for remediation organized by criticality and type (e.g., patching

Security Product Selection

Approach

Advyz is vendor agnostic, taking a trusted advisor approach to client security product selections. To help the Premier member select a WAF technology, we prepared a report comprising industry use cases, top 10 WAF products, and our product recommendation based on their specific issue and environment.

 

Result

Upon review of the WAF report, the member asked Advyz to lead product acquisition with the vendor. Our knowledgeable security practitioners developed proof-of-concepts (POC) and use cases for both products. We worked with manufacturers to find a solution that addressed the use cases, and that was a business and technical fit for the member; then presented the solutions to the member for final product selection.

The Impact

Valuing our holistic approach to cybersecurity – marrying people, process, and the right technology to suit organizational risk and culture – the member has asked Advyz to help with several strategic cyber programs, including a HIPAA assessment, as well as maturity assessments, recommendations, and implementation enhancements to their enterprise-wide Security Operations Center (SOC) and Governance, Risk, and Compliance (GRC) programs.

Advyz’s consultative approach, coupled with our deep technical and industry expertise, enabled us to respond to the member’s immediate security concerns, and partner with them as a trusted advisor for long term security planning.

Contact us today.

Learn more about how Entisys360 can address your healthcare technology needs through our leading edge advisory and technical solutions. To speak with an Entisys360 healthcare IT services consultant, contact us at healthcare@entisys360.com, or visit entisys360.com/markets/healthcare.

 

Services

Security

Creating a strategy for managing risk and compliance while helping to filter the myriad of cybersecurity technologies

Modern Infrastructure

Empowering your enterprise to its greatest potential through an efficient and secure IT infrastructure

Digital Workplace

Helping businesses keep infrastructure up-to-date, minimizing security risks, and maintaining compliance

Cloud Enablement

Accelerating IT service delivery through the adoption of agile methodologies using systems-oriented approach

Microsoft Expertise

Helping set goals and establishing benchmarks with the successful deployment of Microsoft solutions

Enterprise Managed Services

Best IT practices with design, configuration, implementation, licensing and environmental services

Markets and Market Support Vehicles

Business

Professional services and renowned expertise aligned with the trends and challenges facing a variety of industries

Healthcare

Addressing IT challenges faced by healthcare organizations through trusted services, solutions and relationships

Public Sector

Helping organizations manage costs and high availability while increasing security, compliance and efficiency

Group Purchasing

Industry-leading IT consulting services and technology solutions through a streamlined contracting process

Resource Library

Events

e360 in-person and online events

Solutions Literature

Access content on e360 services

Blog

Read about trending technology

Press Releases

Get official updates about e360

News Stories

Read about industry and e360 news

Media

e360 webinar and podcast content

About e360

Who We Are

Our mission, vision, leadership and team

Accolades

e360 awards and recognition

Privacy

e360's commitment to privacy

Community

e360's commitment to privacy

Careers

e360 career opportunities

Connect With e360

e360 locations and contact resources