We take pride in protecting the information that our healthcare partners rely on to accomplish their life-sustaining and life-saving missions.

Healthcare Information Security

Critical Informatics has a proven record of protecting the patient data and networks of a variety of healthcare organizations and the business associates that serve them. We begin our healthcare partnerships by developing a plan that targets three basic goals: data security and privacy, continuity of operations and regulatory compliance.

To achieve these goals, we use a combination of Managed Detection and Response (MDR) and Information Security Consulting, which uncover and then shore up cybersecurity gaps and weaknesses. These services also provide the basis for monitoring healthcare information infrastructure and access to electronic Protected Health Information (ePHI) through a fiscally responsible Managed Security Service (MSS) and executive IT Security communication strategies.

Critical Informatics is compliant with HIPAA, has internal controls and policies aligned with the requirements of the statute, and will sign a HIPAA business associate agreement when needed.

Managed Detection and Response

Our Managed Detection and Response (MDR) service provides health sector organizations with accurate security monitoring and rapid incident response. We combine unique detection analytics with deep human expertise to detect, investigate, confirm, respond to, and recover from a data compromise and prevent it from becoming a major breach. Critical Informatics helps hospitals, clinics, research organizations, device manufacturers and healthcare business associates meet their mission in a world of quickly evolving threats.

Our algorithms process network event data to identify:

  • Statistical anomalies
  • Interaction with known malware distribution or criminal command and control sites
  • Signature-based events from the intrusion detection Critical Insight Collector
  • Correlation of multiple suspicious events
  • Significant periodicity in signals

Utilizing elastic scalability and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our learning approach allows Critical Insight to become continuously more powerful, accurate and faster as data is ingested and processed.

Our promise to you is to only provide actionable alerts, not false positives. Our security experts investigate each incident to confirm which are true threats. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives and gives you an actionable plan for confirmed threats.

The availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives while ensuring only incidental access to sensitive information. Once an incident has been confirmed, we can go “back in time” and determine if any other compromises occurred prior. We can replay all that happened, often down to the mouse-click.

Contact us to learn more about integrating our MDR Service into your cybersecurity strategy.

Information Security Consulting

The Health Insurance Portability and Accountability Act (HIPAA) requires compliance with privacy and security rules, along with periodic assessments for meaningful use of Electronic Health Records (EHR). In addition to our Managed Security Services, we offer our healthcare partners a full set of cybersecurity consulting services that ensure regulatory compliance. These services include:

  • HIPAA Security Rule Risk Assessment
  • Meaningful Use Stage 2 Risk Assessment
  • Information Security Assessment
  • Wireless Security Assessments
  • Healthcare Systems Penetration Testing
  • HIPAA Security and HITECH Policy Documentation Reviews
  • HIPAA Security Awareness Training
  • Medical Device Security Assessment and Testing
  • NIST Cyber Security Framework-Aligned IT Security Strategy Development

Contact us to learn more about how our Healthcare Cyber Security Consulting can help protect your patients’ data and ensure your organization remains in compliance. 

“By partnering with Critical Informatics, MGH&FC has reduced our risk and liability, improved our regulatory compliance and assisted our mission of providing patient care and safety.”

– Tom Hornburg, Chief Information Officer MGH&FC

Learn how Critical Informatics helped Mason General Hospital & Family of Clinics (MGH&FC) protect their patients’ data, increase regulatory compliance, and save money.

Our healthcare team is led by Fred Langston.

Fred Langston, CISSP, CCSK, has decades of experience in information security and compliance consulting for Healthcare Payers, Providers, Clearinghouses and HIPAA Business Associates. His history in healthcare security began in 1988 when he participated in the working group that drafted the HIPAA Proposed Security Rule. That same year, he also delivered one of the first-ever HIPAA Security Risk Assessments. He has since chaired the HIMSS Security sessions in 2003 and 2004, as well as presented the seminal compliance paper, The Unified Approach to Compliance, at HIMSS 2004 as the security keynote speaker, a part of the Risk Management Alliance. Fred has also served as the leader of the HITRUST Compensating Controls committee.

Our Healthcare Advisory Board helps ensure we’re serving the cybersecurity needs of all types of healthcare organizations.

© 2017 Critical Informatics, Inc. All Rights Reserved.