A HIPAA-regulated organization that needed to support large volumes of Personally Identifiable Information (PII) and electronic Personal Health Information (ePHI) was concerned about their cyber security exposure. In addition, they needed to comply with both HIPAA (Health Insurance Portability and Accountability Act) regulations as well as their Business Associate Agreements (BAA) with their key customers. The company was growing very rapidly; a significant cyber security breach or failure to demonstrate adequate controls could cause unrecoverable harm to their business.
Although the company had made significant investments in cyber security, they were not sure if the investments were properly placed. They wanted to find out if there were significant unknown exposures that, if exploited, would impair their ability to aggressively execute on their strategic objectives.
A E78 Cyber Security Executive was brought in to help them make these assessments and take the steps to prioritize and address any cyber security risks.
The E78 Executive worked with the company to identify the key threats that could harm their business as well as assess their current security and control environment. He next established a clear security and control framework to provide guidance and understanding. Based on the key business threats, he prioritized, recommended, and supported the implementation of required controls, activities and technical solutions.
- The organization was able to fully satisfy BAA security audits by their key customers and focus on the most important security improvements
- They established a pragmatic cyber security roadmap moving forward to enable on-going visibility and risk management
- The company significantly reduced their cyber security exposure and potential liability