We take pride in protecting the information that our healthcare partners rely on to accomplish their life-sustaining and life-saving missions.

Healthcare Information Security

Critical Informatics has a proven record of protecting the patient data and networks of a variety of healthcare organizations and the business associates that serve them. We begin our healthcare partnerships by developing a plan that targets three basic goals: data security and privacy, continuity of operations and regulatory compliance. To achieve these goals, we use a combination of Managed Detection and Response (MDR) and Information Security Consulting, which uncover and then shore up cybersecurity gaps and weaknesses. These services also provide the basis for monitoring healthcare information infrastructure and access to electronic Protected Health Information (ePHI) through a fiscally responsible Managed Security Service (MSS) and executive IT Security communication strategies.

Critical Informatics is compliant with HIPAA, has internal controls and policies aligned with the requirements of the statute, and will sign a HIPAA business associate agreement when needed.

Managed Detection and Response

Our Managed Detection and Response (MDR) service provides health sector organizations with accurate security monitoring and rapid incident response. We combine unique detection analytics with deep human expertise to detect, investigate, confirm, respond to, and recover from a data compromise and prevent it from becoming a major breach. Critical Informatics helps hospitals, clinics, research organizations, device manufacturers and healthcare business associates meet their mission in a world of quickly evolving threats.

Our algorithms process network event data to identify:

  • Statistical anomalies
  • Interaction with known malware distribution or criminal command and control sites
  • Signature-based events from the intrusion detection Critical Insight Collector
  • Correlation of multiple suspicious events
  • Significant periodicity in signals

Our machine learning “remembers” every question asked of the data, and this is used to automate those queries that yield results.

Utilizing elastic scalability, machine learning, and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our machine learning approach allows Critical Insight to become continuously more powerful, accurate and faster as data is ingested and processed.

Our promise to you is to only provide actionable alerts, not false positives. Our security experts investigate each incident to confirm which are true threats. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives and gives you an actionable plan for confirmed threats.

The availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives while ensuring only incidental access to sensitive information. Once an incident has been confirmed, we can go “back in time” and determine if any other compromises occurred prior. We can replay all that happened, often down to the mouse-click.

Contact us to learn more about integrating our MDR Service into your cybersecurity strategy.

Information Security Consulting

The Health Insurance Portability and Accountability Act (HIPAA) requires compliance with privacy and security rules, along with periodic assessments for meaningful use of Electronic Health Records (EHR). In addition to our Managed Security Services, we offer our healthcare partners a full set of cybersecurity consulting services that ensure regulatory compliance. These services include:

  • HIPAA Security Rule Risk Assessment
  • Meaningful Use Stage 2 Risk Assessment
  • Information Security Assessment
  • Wireless Security Assessments
  • Healthcare Systems Penetration Testing
  • HIPAA Security and HITECH Policy Documentation Reviews
  • HIPAA Security Awareness Training
  • Medical Device Security Assessment and Testing
  • NIST Cyber Security Framework-Aligned IT Security Strategy Development

Contact us to learn more about how our Healthcare Cyber Security Consulting can help protect your patients’ data and ensure your organization remains in compliance. 

“By partnering with Critical Informatics, MGH&FC has reduced our risk and liability, improved our regulatory compliance and assisted our mission of providing patient care and safety.”

– Tom Hornburg, Chief Information Officer MGH&FC

Learn how Critical Informatics helped Mason General Hospital & Family of Clinics (MGH&FC) protect their patients’ data, increase regulatory compliance, and save money.

Our healthcare team is led by Fred Langston.

Fred Langston, CISSP, CCSK, has decades of experience in information security and compliance consulting for Healthcare Payers, Providers, Clearinghouses and HIPAA Business Associates. His history in healthcare security began in 1988 when he participated in the working group that drafted the HIPAA Proposed Security Rule. That same year, he also delivered one of the first-ever HIPAA Security Risk Assessments. He has since chaired the HIMSS Security sessions in 2003 and 2004, and presented the seminal compliance paper, The Unified Approach to Compliance, at HIMSS 2004 as the security keynote speaker, a part of the Risk Management Alliance. Fred has also served as the leader of the HITRUST Compensating Controls committee.

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.

© 2017 Critical Informatics, Inc. All Rights Reserved.