Healthcare Information Security
Critical Informatics has a proven record of protecting the patient data and networks of a variety of healthcare organizations and the business associates that serve them. We begin our healthcare partnerships by developing a plan that targets three basic goals: data security and privacy, continuity of operations and regulatory compliance.
To achieve these goals, we use a combination of Managed Detection and Response (MDR) and Information Security Consulting, which uncover, and then shore up, cybersecurity gaps and weaknesses. These services also provide the basis for monitoring healthcare information infrastructure and access to electronic Protected Health Information (ePHI) through a fiscally responsible Managed Security Service (MSS) and executive IT Security communication strategies.
Critical Informatics is compliant with HIPAA, has internal controls and policies aligned with the requirements of the statute, and will sign a HIPAA business associate agreement when needed.
Managed Detection and Response
Our Managed Detection and Response (MDR) service provides health sector organizations with accurate security monitoring and rapid incident response. We combine unique detection analytics with deep human expertise to detect, investigate, confirm, respond to, and recover from a data compromise and prevent it from becoming a major breach. Critical Informatics helps hospitals, clinics, research organizations, device manufacturers and healthcare business associates meet their mission in a world of quickly evolving threats.
Our algorithms process network event data to identify:
- Statistical anomalies
- Interaction with known malware distribution or criminal command and control sites
- Signature-based events from the intrusion detection Critical Insight Collector
- Correlation of multiple suspicious events
- Significant periodicity in signals
Utilizing elastic scalability and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our learning approach allows Critical Insight to become continuously more powerful, more accurate and faster as data is ingested and processed.
Our promise to you is to only provide actionable alerts, not false positives. Our security experts investigate each incident to confirm which are true threats. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives and gives you an actionable plan for confirmed threats.
The availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives while ensuring only incidental access to sensitive information. Once an incident has been confirmed, we can go “back in time” and determine if any other compromises occurred prior. We can replay all that happened, often down to the mouse-click.
Contact us to learn more about integrating our MDR Service into your cybersecurity strategy.
Information Security Consulting
The Health Insurance Portability and Accountability Act (HIPAA) requires compliance with privacy and security rules, along with periodic assessments for meaningful use of Electronic Health Records (EHR). In addition to our Managed Security Services, we offer our healthcare partners a full set of cybersecurity consulting services that ensure regulatory compliance. These services include:
- HIPAA Security Rule Risk Assessment
- Meaningful Use Stage 2 Risk Assessment
- Information Security Assessment
- Wireless Security Assessments
- Healthcare Systems Penetration Testing
- HIPAA Security and HITECH Policy Documentation Reviews
- HIPAA Security Awareness Training
- Medical Device Security Assessment and Testing
- NIST Cyber Security Framework-Aligned IT Security Strategy Development
“By partnering with Critical Informatics, MGH&FC has reduced our risk and liability, improved our regulatory compliance and assisted our mission of providing patient care and safety.”
– Tom Hornburg, Chief Information Officer MGH&FC
Learn how Critical Informatics helped Mason General Hospital & Family of Clinics (MGH&FC) protect their patients’ data, increase regulatory compliance, and save money.
Our healthcare team is led by Fred Langston.
Fred Langston, CISSP, CCSK, has decades of experience in information security and compliance consulting for Healthcare Payers, Providers, Clearinghouses and HIPAA Business Associates. His history in healthcare security began in 1988 when he participated in the working group that drafted the HIPAA Proposed Security Rule. That same year, he also delivered one of the first-ever HIPAA Security Risk Assessments. He has since chaired the HIMSS Security sessions in 2003 and 2004, and presented the seminal compliance paper, The Unified Approach to Compliance, at HIMSS 2004 as the security keynote speaker, a part of the Risk Management Alliance. Fred has also served as the leader of the HITRUST Compensating Controls committee.
© 2017 Critical Informatics, Inc. All Rights Reserved.