Enterprise Healthcare Security

GOALS

Describe your short, medium, and long-term goals.

Is this exercise related to a specific project, or is it intended to identify projects and/or cost savings more broadly?
  [ ] Specific Project(s) - describe timeline, details, and level of executive sponsorship
  [ ] Broader Exercise - do you need pricing for budgetary approval?

What is driving change in your organization?
  [ ] Breach (publicly disclosed)
  [ ] Cyber Insurance
  [ ] New Executive Visibility
  [ ] New Board Members
  [ ] DDoS Attack
  [ ] Mergers & Acquisitions
  [ ] Strategic Change (e.g. EMR/EHR)
  [ ] Other (please describe): ________

ORG STRUCTURE

In your organization, where do Security, IT, and DevOps report?

Does your Board have a security-focused committee?  [ ] Yes  [ ] No

Who briefs the Board about Governance, Risk, and Compliance (GRC)?

EMR / EHR

Which EMR/EHR do you use?
  [ ] Allscripts
  [ ] Athenahealth
  [ ] Cerner
  [ ] CPSI
  [ ] Epic
  [ ] MEDHOST
  [ ] Meditech
  [ ] Other (please describe): ________

How do you currently host your EMR/EHR?
  [ ] On-Premises
  [ ] Colocation
  [ ] Infrastructure as a Service
  [ ] Software as a Service

Who manages your EMR/EHR?
  [ ] Self-managed
  [ ] Managed by third party

FACILITIES

What Facility/Service Types are in scope? (enter quantity for each)
  Ambulatory Surgical Center: ____
  Birth Center: ____
  Clinic/Medical Office: ____
  Dialysis Facilities: ____
  Hospice Care: ____
  Hospital: ____
  Imaging/Radiology: ____
  Long-term Care Hospital: ____
  Mental Health/Addiction Treatment Center: ____
  Nursing Home: ____
  Orthopedic Rehabilitation: ____
  Pharmacy/Dispensary/Banking: ____
  Telehealth: ____
  Other: ____

What are your top priorities from the above list?

COMPLIANCE & GOVERNANCE

Please describe any restrictions with respect to U.S. data sovereignty or operations (e.g. physical operations in the U.S., operations conducted by U.S. persons, data residing in the U.S.).

Do you have any federal requirements?
  [ ] Federal funding
  [ ] Purchase from GSA schedule
  [ ] FISMA, FedRAMP
  [ ] Other (please describe): ________

Which compliance frameworks are drivers in your organization?
  [ ] CCPA
  [ ] FHIR
  [ ] GDPR
  [ ] HIPAA
  [ ] HITRUST
  [ ] ISO 27000
  [ ] PCI DSS
  [ ] SOC 1/2/3
  [ ] Other (please describe): ________

Do you need a PCI assessment?  [ ] Yes  [ ] No
Do you need a QSA to certify your PCI program?  [ ] Yes  [ ] No
SOC 1, SOC 2, or SOC 3?  [ ] SOC 1  [ ] SOC 2  [ ] SOC 3
SOC Type I or Type II?  [ ] Type I  [ ] Type II

Please describe any current compliance initiatives.
  Example: "We currently have HIPAA and are pursuing HITRUST; we need people to prioritize and execute recommendations from our assessment. We must meet PCI DSS, and we need a vendor to conduct a penetration test."

How do you assess the security programs of your third-party suppliers?

How do you respond to security questionnaires from partners?

CURRENT PRODUCTS & SERVICES

Please list your current security products (e.g. CrowdStrike endpoint protection, Palo Alto firewalls, Okta SSO, IBM QRadar SIEM).

Please list your current IT service providers (e.g. MSPs, MSSPs, cloud providers, contract services).

Are you strongly tied to any of the above? Please describe.

MDR / MSSP / SOC

Who currently monitors your security logs and alerts?
  [ ] Internal
  [ ] Third-party SOC
  [ ] Mix of Internal/Third-Party
  [ ] Other (please describe): ________

Do you have eyes on glass 24/7?  [ ] Yes  [ ] No
Are you interested in a new third-party monitoring service?  [ ] Yes  [ ] No

Which log sources, if any, are not monitored?

NETWORK

What do you use for site-to-site connectivity?
  [ ] IPsec VPN
  [ ] MPLS
  [ ] SD-WAN
  [ ] Other (please describe): ________

What do you use for remote employee access?
  [ ] VPN
  [ ] ZTNA
  [ ] Other (please describe): ________

How do you currently prevent Layer 3 and Layer 4 DDoS attacks?
  Example: "We have physical appliances on location that scrub for Layer 3 and 4 DDoS, but we don't have circuit-level protection."

How do you separate and segment your networks?
  Example: "The corporate network is physically separated from the IoMT network. The corporate network uses VLANs and subnets. The IoMT network is flat."

Do any partners or clients have direct access to any of your systems? If so, please describe.

BACKUP / DISASTER RECOVERY

Please describe your current backup and disaster recovery strategies.

Backup software in use: ________
Do you send backups offsite?  [ ] Yes  [ ] No
Do you keep an offline copy of backups?  [ ] Yes  [ ] No
Is backup data encrypted?  [ ] Yes  [ ] No
Replication software in use: ________
Current RPO: ________    Current RTO: ________
Desired RPO: ________    Desired RTO: ________

Are you interested in a new solution?
  [ ] Yes - manage existing backup or replication software
  [ ] Yes - point current software at offsite/cloud target
  [ ] Yes - replace existing backup or replication software
  [ ] Yes - improve RPO and RTO
  [ ] Not at this time

IoT / IoMT

Number of IoT/IoMT devices: ________

Are your medical devices segmented from the rest of the network? Please describe.

How do you onboard new IoMT devices?

How do you retire old IoMT devices?

Are your IoMT communications encrypted end-to-end?  [ ] Yes  [ ] No

MISCELLANEOUS

Do you need help with any physical security requirements?
  [ ] Access Control
  [ ] Security Cameras
  [ ] Other (please describe): ________

Do you have any significant patient or partner web portals?  [ ] Yes  [ ] No

Select the areas in which you have DLP (Data Loss Prevention) in place:
  [ ] Email
  [ ] EMR/EHR
  [ ] Endpoint
  [ ] Network
  [ ] SaaS

Are you interested in DLP for areas you don't protect today?  [ ] Yes  [ ] No

How do you develop and deliver applications?
  [ ] Developers in-house
  [ ] Applications hosted on-prem
  [ ] Other
  Other (please describe): ________

ADMINISTRATION

Contact (Client)
  First Name *
  Last Name *
  Title
  Email Address *
  Phone Number *
  Company *
  # Employees *
  HQ Address *
  Address Line 2
  City *
  Country (USA / Canada / UK)
  State * (U.S.) or Province/Territory * (Canada)
  Postal Code

Trusted Advisor / Account Manager *
  TA/AM Email Address *
  TA/AM Phone Number *