Client Story:
Protecting PHI and PII in Healthcare
The Client
A system of hospitals and healthcare providers with locations spread over a wide area was struggling with physical and information security-related challenges. The organization needed to protect patient information better. Physicians’ need for remote, mobile access to confidential medical records was producing overwhelming cyber risk. So was the need to maintain distinct sources of confidential information with varied governance processes.
Key Challenges
The healthcare industry is a ripe target for cyber criminals. The digital exchange of patient information means massive amounts of protected health information (PHI) and personally identifiable information (PII) are constantly passed across devices and networks. Patients demand instant access to their medical information and appointments. On top of this, the industry is heavily regulated with complex compliance requirements. All of this poses a very acute cyber security risk.
Our Solution
GCIT knows the healthcare industry very well. This knowledge allowed us to work effectively up and down the organization, from the board to the physician network, to identify and reduce their existing cyber risk. We conducted a thorough security assessment to gain insight into the organizational culture, security governance, business practices, and physical security of information assets. With this understanding, we provided remediation steps, from fortifying perimeter defenses to improving communication channels and building employee and physician cyber threat awareness, and developed an information security policies and standards program.
Key Results Achieved
- Fortified the security of patient information, always at risk of theft due to healthcare’s operating environment
- Aligned the organization’s risk tolerance with regulatory demands to deliver a strategic cyber security plan
- Improved the internal reputation of the company’s security team and limited the risk of a future incident