Enterprise Healthcare Security

Goals

Is this exercise related to a specific project or to identify projects and/or cost savings more broadly?
What is driving change in your organization?

Org Structure

Does your Board have a security-focused committee?

EMR / EHR

Which EMR/EHR do you use?
How do you currently host your EMR/EHR?
Who manages your EMR/EHR?

Facilities

What Facility/Service Types are in scope?

Quantity

Compliance & Governance

e.g., physical operations in the U.S., operations conducted by U.S. persons, data residing in the U.S., etc.
Do you have any federal requirements?
Which compliance frameworks are drivers in your organization?
Do you need a PCI assessment?
Do you need a QSA to certify your PCI program?
SOC 1, SOC 2, or SOC 3?
SOC Type I or Type II?
e.g., We currently have HIPAA and are pursuing HITRUST; we need people to prioritize and execute recommendations from our assessment. We must meet PCI DSS, and we need a vendor to conduct a penetration test.

Current Products & Services

e.g., CrowdStrike endpoint protection, Palo Alto firewalls, Okta SSO, IBM QRadar SIEM, etc.
e.g., MSPs, MSSPs, cloud providers, contract services

MDR / MSSP / SOC

Who currently monitors your security logs and alerts?
Do you have eyes on glass 24/7?
Are you interested in a new third-party monitoring service?

Network

What do you use for site-to-site connectivity?
What do you use for remote employee access?
Ex. We have physical appliances on location that scrub for Layer 3 and 4 DDoS, but don't have circuit-level protection.
Ex. The corporate network is physically separated from the IoMT network. The corporate network uses VLANs and subnets. The IoMT network is flat.

Backup / Disaster Recovery

Do you send backups offsite?
Do you keep an offline copy of backups?
Is backup data encrypted?
Are you interested in a new solution?

IoT / IoMT

Are your IoMT communications encrypted end-to-end?

Miscellaneous

Do you need help with any physical security requirements?
Do you have any significant patient or partner web portals?
Select the areas in which you have DLP (Data Loss Prevention) in place:
Are you interested in DLP for areas you don't protect today?
How do you develop and deliver applications?

Administration

Country