We take pride in protecting the information that our healthcare partners rely on to accomplish their life-sustaining and life-saving missions.

Sign up for our weekly healthcare cybersecurity briefing to stay up to date on healthcare Information Security news that you need to know.

We may also occasionally send you information about Critical Informatics products and solutions; you can unsubscribe at any time if desired.

Critical Informatics has a proven record of protecting the patient data and networks of a variety of healthcare organizations and the business associates that serve them. We begin our healthcare partnerships by developing a plan that targets three basic goals: data security and privacy, continuity of operations and regulatory compliance. To achieve these goals, we use a combination of Managed Detection and Response (MDR) and Information Security Consulting, which uncover, and then shore-up, cybersecurity gaps and weaknesses. These services also provide the basis for monitoring healthcare information infrastructure and access to electronic Protected Health Information (ePHI) through a fiscally-responsible Managed Security Service (MSS) and executive IT Security communication strategies.

“By partnering with Critical Informatics, MGH&FC has reduced our risk and liability, improved our regulatory compliance and assisted our mission of providing patient care and safety.”

– Tom Hornburg, Chief Information Officer MGH&FC

Learn how Critical Informatics helped Mason General Hospital & Family of Clinics (MGH&FC) protect their patients’ data, increase regulatory compliance, and save money.

Managed Detection and Response

Our Managed Detection and Response (MDR) service provides health sector organizations with accurate security monitoring and rapid incident response. We combine unique detection analytics with deep human expertise to detect, investigate, confirm, respond, and recover from a data compromise and prevent it from becoming a major breach. Critical Informatics helps hospitals, clinics, research organizations, device manufacturers and healthcare business associates meet their mission, in a world of quickly-evolving threats.

Our “Big Data” technology and machine learning algorithms process network event data to identify:

  • Statistical anomalies
  • Heuristic, behavioral anomalies
  • Interaction with known malware distribution or criminal command and control sites
  • Signature-based intrusion detection events
  • Correlation of multiple suspicious events
  • Significant periodicity in signals

Our hyper-dimensional clustering algorithm is unique to the Critical Insight platform and optimizes the efficiency and speed of Analyst investigations.

Utilizing elastic scalability, machine learning, and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our machine learning approach allows Critical Insight to become continuously more powerful, accurate and faster as data is ingested and processed.

Our promise to you is to only provide actionable alerts, not false positives. Our security experts investigate each incident to confirm which are true threats. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives and gives you an actionable plan for confirmed threats.

The availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives while ensuring only incidental access to sensitive information. Once an incident has been confirmed, we can go “back in time” and determine if any other compromises occurred prior. We can replay all that happened, often down to the mouse-click.

Contact us to learn more about integrating our MDR Service into your Cyber Security strategy.

Information Security Consulting

The Health Insurance Portability and Accountability Act (HIPAA) requires compliance with privacy and security rules, along with periodic assessments for meaningful use of Electronic Health Records (EHR). In addition to our Managed Security Services, we offer our healthcare partners a full set of cybersecurity consulting services that ensure regularity compliance. These services include:

  • HIPAA Security Rule Risk Assessment
  • Meaningful Use Stage 2 Risk Assessment
  • Information Security Assessment
  • Wireless Security Assessments
  • Healthcare Systems Penetration Testing
  • HIPAA Security and HITECH Policy Documentation Reviews
  • HIPAA Security Awareness Training
  • Medical Device Security Assessment and Testing
  • NIST Cyber Security Framework-Aligned IT Security Strategy Development

Contact us to learn more about how our Healthcare Cyber Security Consulting can help protect your patients’ data and ensure your organization remains in compliance. 

Our healthcare team is led by Fred Langston.

Fred Langston CISSP CCSK, has decades of experience in information security and compliance consulting for Healthcare Payers, Providers, Clearinghouses and HIPAA Business Associates. His history in healthcare security began in 1988 when he participated in the working group that drafted the HIPAA Proposed Security Rule. That same year, he also delivered of one of the first ever HIPAA Security Risk Assessments. He has since chaired the HIMSS Security sessions in 2003 and 2004, as well as presented the seminal compliance paper, The Unified Approach to Compliance, at HIMSS 2004 as the security keynote speaker, a part of the Risk Management Alliance. Fred has also served as the leader of the HITRUST Compensating Controls committee.

Past Healthcare News Blasts

July 17, 2017
Critical Informatics Healthcare Cyber Security

Healthcare Cybersecurity Weekly Briefing 7-14-2017

Overcoming File Sharing, Healthcare Cloud Security Concerns Potential file sharing and healthcare cloud security risks must be addressed in covered entities’ and business associates’ risk analyses, […]
July 7, 2017
Critical Informatics Healthcare Cyber Security

Healthcare Cybersecurity Weekly Briefing 7-7-2017

8 Major Problems Healthcare CIOs Are Facing While security and privacy concerns have been created by modern technology, it has done really well when it comes […]
June 30, 2017
Critical Informatics Healthcare Cyber Security

Healthcare Cybersecurity Weekly Briefing 6-30-2017

U.S. hospitals have been hit by the global ransomware attack Today, one of the largest drug makers in the U.S., Merck, reported being infected by the […]
June 30, 2017
Critical Informatics Healthcare Cyber Security

Healthcare Cybersecurity Weekly Briefing 6-23-2017

Health Sector Security and the “Big Squishy Middle” Call center operations have been shut down by telephone denial of service. An entire hospital system in the […]
June 16, 2017
Critical Informatics Healthcare Cyber Security

Healthcare Cybersecurity Weekly Briefing 6-16-2017

Healthcare Industry Suffers the Most Cyber Attacks “The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defenses,” the report […]
June 9, 2017

Healthcare Cybersecurity Weekly Briefing 6-9-2017

Healthcare Hacking Leading Cause for 2017 Incidents Cybersecurity issues continue to plague the healthcare industry, so it should come as no surprise that healthcare hacking and […]

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc.
All other brand names, trademarks, service marks
 and copyrights are the property of their respective owners.

© 2017 Critical Informatics, Inc. All Rights Reserved.