Alagen partners with a 300-bed, regional hospital to aid their cybersecurity efforts. With CISO as a Service, Alagen assists them in protecting the data of 1,600 employees, more than 325 practitioners, and their patients.
Security programs need an experienced and dedicated leader. However, retaining quality, full-time security leadership can be a daunting challenge. Fortunately, we have the ability to embed part-time, consultative security leadership within your environment to lead an organization’s cybersecurity program, or simply assist the existing CISO.
Our leaders leverage deep know-how to help assess and manage cybersecurity risk, lead incident response efforts, identify vulnerabilities, and prioritize responses to continually optimize the security program. Common focus areas include program build and management, Board-level coalition building, policy and standards development, and maturation of various programs: compliance, governance, security awareness, security metrics, goals, and more.
Initially, Alagen assessed the security of the organization and measured it against an industry-adopted cybersecurity framework. This identified areas for improvement and created a baseline for future assessments. From those assessments, we were able to perform a risk assessment that provided quantitative insight for executive members within the hospital. This information resulted in modifications of the cybersecurity insurance policy.
Establishing a systematic, realistic vulnerability and patch management program is often difficult. Alagen improved the vulnerability program, defining asset groups, establishing service level agreements, and defining a repeatable reporting framework. With an understanding of the environment, compensating controls, and impact to applications, Alagen worked with hospital engineers to prioritize the patching and remediation of known vulnerabilities. Within four weeks of rollout, the hospital saw a 98% reduction in critical and high vulnerabilities, with an 80% reduction of total vulnerabilities, in core infrastructure and critical applications. With the systematic approach to the vulnerability and patch management program, the same results are being seen system-wide, including within the desktop and medical device environments.
Like many healthcare organizations, this hospital was targeted by email phishing campaigns. Alagen worked closely with the IT department to respond to these incidents, tighten security configurations, and help inform end users of ongoing threats. Following attacks, after-action reports were developed and lessons learned applied to mitigate future attacks.
The hospital had remnants of a security program from previous management. The program had good elements, but was applicable to that point in time. Security programs require constant tuning and optimization to ensure the safeguards are appropriate to the current threat landscape and technologies used within the organization. Alagen worked side by side with compliance officers to update all security policies to ensure they were in alignment with HIPAA and the direction of the hospital. As many programs require phases and time to mature, Alagen and the organization’s engineers set project goals to enhance the programs month to month.
“Alagen’s CISO as a Service is one way we overcome the challenges of finding and retaining quality, executive-level security talent. I highly recommend this service.”
– CIO + VP, Information Technology
Focused 100% on security services, we are a trusted ally for your cybersecurity needs. Our customer-centric approach and industry-specific expertise make us adept at finding solutions that best address your unique security challenges. The result? Purer security, aligned to the needs of your organization.
CISO as a Service embeds executive-level information security consulting within the environment to help lead initiatives and assist with program development, maturation, and management.