Problem

National healthcare provider relies on hundreds of third-party vendors and medical devices that share sensitive information and interact with internal systems. Protected Health Information (PHI) can be worth 1000x more than financial data to hackers, and security vulnerabilities on medical devices have the potential to cause physical harm to patients through invalid results, dependability of systems and the exploitation of reliability requirements. The IT and Risk departments determined that the impact of a data breach, or infiltration of provider’s network of devices, warranted a comprehensive and immediate need for a more robust effort to assess third party risk and monitor medical device security. 

SOLUTION

With a need for immediate action and a daunting list of vendors and devices to cover, Fortress was engaged as a partner to analyze the vendor landscape and select the most critical vendors requiring attention using proprietary technology to overcome the challenge of protracted vendor interactions. Fortress’ IT and OT monitoring capabilities, combined with expert consultation and a patented approach for firmware hashing via blockchain allowed the client to view and manage a comprehensive risk outlook.

OUTCOMES

  • Identified and performed risk assessments of the most critical vendors in two primary categories: continuity of business (COB) and sensitive data access (EMR’s, etc.)
  • Implemented the scanning of the majority of OT assets utilized by the provider, including MRI and CT scanners, spectrum analysis machines, heart rate monitors and more.
  •  Created dashboards, reporting and alerting mechanisms to allow full visibility into the status and potential risks introduced by updates, configuration changes and new installations of medical devices.
  • Fortress was able to combine third party risk information and IT/OT vulnerability information in a “single pane of glass” analysis, which allowed the provider to correlate vendors to device manufacturers to prioritize the most vulnerable devices, from both a technology and third-party risk context. As Fortress was already familiar with many of the OT standards and vendors, they were able to help the provider create a prescriptive procurement process (PPP) to ensure new vendors and devices were considered from a risk perspective prior to onboarding.

Want to find out how Fortress can solve
problems specific to your business?

Let's connect.

   Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 1407.573.6800

 For Human Resources, please call  855.367.8737

   Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 2sales@fortressinfosec.com

Contact Sales


View More Resources Here

Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 3
Utilities
Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 4
Transportation
Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 5
Healthcare
Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 6
Finance
Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 7
Energy
Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 8
Additional Industries
Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 9

Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 10 Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 11 Use Case: National Healthcare Provider Takes Preventative Measures to Monitor Third-Party Risks 12

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS