24x7x365 e360 Client Technical Support: Call (877) 368-4797 opt 9, or

CASE STUDY

Security Consulting

for Healthcare

Summary

Challenge

Wanting to understand the cyber risk exposure of a publicly facing customer portal, a Premier member health system reached out to Advyz for assistance.

Solution

Conduct a PEN Test to scan and identify vulnerabilities across the portal. Guidance on a Web Application Firewall (WAF) product solution to address near term needs.

The Business Challenge

Our client, a $1.5B health system, operates a health information exchange that allows patients to share their records with community providers to facilitate continuity of care. Wanting to understand the level of risk that a publicly facing portal like this presents to their organization, our client sought the guidance of our Advyz cybersecurity experts.

The Solution

 A publicly facing patient portal presents an opportunity for criminals to infiltrate the client’s systems and access patient data. In order to assess this risk and identify appropriate mitigation strategies, our team proposed conducting a Penetration Test (PEN test) to scan and identify vulnerabilities across the portal.

Based on the quality of our PEN test work and the level of cyber expertise demonstrated by our team, the member asked Advyz for guidance on what they should do in the immediate term. A Web Application Firewall (WAF) was identified as the product solution that would yield the greatest protection / investment ratio.

 

Penetration  Testing

Approach

Advyz’s PEN test consists of red team activities to assess security controls, identify gaps and opportunities for attackers to exploit sensitive data (both proprietary and patient data).

A vulnerability and discovery scan of the client’s patient portal revealed vulnerabilities across the environment. We then conducted extensive manual testing leveraging our bank of test cases developed over the past 20 years.

Result

Advyz delivered to the client a comprehensive report that documented detailed findings, as well as recommendations for remediation organized by criticality and type (e.g., patching

Security Product Selection

Approach

Advyz is vendor agnostic, taking a trusted advisor approach to client security product selections. To help the Premier member select a WAF technology, we prepared a report comprising industry use cases, top 10 WAF products, and our product recommendation based on their specific issue and environment.

 

Result

Upon review of the WAF report, the member asked Advyz to lead product acquisition with the vendor. Our knowledgeable security practitioners developed proof-of-concepts (POC) and use cases for both products. We worked with manufacturers to find a solution that addressed the use cases, and that was a business and technical fit for the member; then presented the solutions to the member for final product selection.

The Impact

Valuing our holistic approach to cybersecurity – marrying people, process, and the right technology to suit organizational risk and culture – the member has asked Advyz to help with several strategic cyber programs, including a HIPAA assessment, as well as maturity assessments, recommendations, and implementation enhancements to their enterprise-wide Security Operations Center (SOC) and Governance, Risk, and Compliance (GRC) programs.

Advyz’s consultative approach, coupled with our deep technical and industry expertise, enabled us to respond to the member’s immediate security concerns, and partner with them as a trusted advisor for long term security planning.

Contact us today.

Learn more about how Entisys360 can address your healthcare technology needs through our leading edge advisory and technical solutions. To speak with an Entisys360 healthcare IT services consultant, contact us at healthcare@entisys360.com, or visit entisys360.com/markets/healthcare.

 

Services

Security and Privacy

Creating a strategy for managing risk and compliance, while helping to filter the noise of myriad cybersecurity technologies.

Modern Infrastructure

Empowering your enterprise to achieve its full potentialand greatest efficiencyby keeping IT infrastructure operational, available and secure.

Digital Workplace

Helping businesses keep infrastructure up-to-date, minimizing security risks, and maintaining compliance

Cloud, DevOps & Automation

Accelerating IT service delivery for our clients through the adoption of agile methodologies that are all part of a systems-oriented approach.

Microsoft Expertise

Helping set goals and establishing benchmarks for the journey toward the successful deployment of Microsoft solutions.

Enterprise Managed Services

Design, implementation, licensing optimization, and environmental services, ensuring use of Microsoft's best practices and configurations.

Our Markets and Market Support Vehicles

Business

Professional services and nationally-recognized expertise that align perfectly with the trends and challenges facing a variety of industries.

Healthcare

Recognizing the unique challenges faced by healthcare IT organizations, and offering understanding, capabilities, and trusted relationships.

Public Sector

Helping organizations contain costs maintain high availability while finding new ways to increase security, compliance and more.

Group Purchasing

Industry-leading IT consulting services and technology solutionsaccessed through a streamlined contracting process.

Resources

Events

Learn about our upcoming events and webinars.

Solutions Literature

Access content on solution and service offerings.

Blog

Learn about leading technology topics.

Press Releases

Read official updates from the e360 team.

News Stories

Read about latest industry and  e360 news.

About e360

About e360

Our mission, vision, leadership and team

Accolades

e360 awards and recognition

Privacy

e360's commitment to privacy

Community

e360's commitment to privacy

Careers

e360 career opportunities

Contact

e360 locations and contact resources