Comprehensive Security Risk Assessment

Overview

Our Security Risk Assessment service marries rich subject matter expertise in the fields of healthcare operations, information security, and regulatory compliance, using industry-recognized frameworks and risk analysis methods. This independent, third-party assessment provides your leadership with a clear picture of cyber risk, recommendations to improve your overall risk posture, and a measure of compliance against regulatory obligations.

Risk Assessment Methodology


CynergisTek uses a NIST-based methodology when conducting a Risk Assessment, which combines a security program and technical assessment into a single engagement aimed specifically at addressing the regulatory requirements for a risk assessment and ongoing risk management. Our assessments are never performed by contractors, and our consultants are experts in the healthcare space who are experienced in the nuances of the industry.

Report of Findings & Trending Data


After data collection, we provide a detailed report of findings that includes observations and recommendations, and a risk analysis workbook that provides an overall risk determination based on the likelihood and impact of your vulnerabilities. CynergisTek also provides a peer comparison of other similar healthcare organizations derived from the many assessments we perform each year. Repeat customers will receive personalized trending data that will help assess the overall program maturity.

We also offer this Security Risk Assessment as part of a comprehensive compliance management program, Compliance Assist Partner Program (CAPP).

Assessment Components

Program Assessment Components

Cybersecurity Program Assessment

The Cybersecurity Program Assessment serves as a foundation of the Risk Assessment process and evaluates your security controls against the HIPAA Security Rule or other requested compliance standards. However, this is not just a simple gap analysis: we evaluate your controls against the NIST CSF and provide a maturity score using the COBIT Maturity Model (similar to the CMMI and other models). This additional level of review, gained through evidence collection, onsite interviews, and physical walk-throughs, gives your organization the knowledge to make better risk-based decisions.

Promoting Interoperability Security Controls Assessment

CynergisTek’s Promoting Interoperability (formerly Meaningful Use) Security Controls Assessment, in conjunction with a Risk Assessment, will provide you with a deliverable you can use for your attestation process. To gather data for the assessment, CynergisTek will conduct interviews and working sessions with key stakeholders as part of an independent verification and validation of each of the privacy and security controls associated with the certified EHR necessary to demonstrate meaningful use. Interviews and working sessions focus on the demonstration of compliance that each functionality exists, is enabled, performs properly, and that there is a documented process around it to ensure its use.

Technical Assessment Components

Enterprise Architecture Assessment

The Enterprise Architecture Assessment will look at how your organization builds, hardens, deploys, and patches assets such as network equipment, servers, workstations, printers, mobile devices, bio-medical devices, etc. In our assessment, we will interview key stakeholders, review your processes, and document our findings. In addition, we will review the maturity of your program to determine areas of improvement based on industry best practice recommendations.

Wireless Security Assessment

During the course of conducting the Wireless Security Assessment, CynergisTek will look for and enumerate access points across your environment. We will document known and unknown access points, validate wireless security configurations, and evaluate the overall management of your wireless infrastructure against best practices and your compliance requirements.

Vulnerability Assessment

The vulnerability assessment documents the current state of your technical environment, both internally and externally. The scans identify both confirmed and potential vulnerabilities and rank them by criticality based on your preference (by asset, IP, type, etc.). For organizations that do not have a formal program, this is a great solution to not only see where your processes currently sit, but to also document and help justify a potential purchase or managed service relationship. For organizations that have formal vulnerability programs, our process can validate the effectiveness of your current processes and procedures.

A CIO’s mission should be to protect patient privacy through the continual improvement of security programs. Having CynergisTek conduct an annual risk assessment supports my team as we work towards this mission by identifying vulnerabilities, analyzing risk, and revealing trends that might have gone unnoticed without them.

Chuck Podesta
Chief Information Officer, University of California, Irvine

CynergisTek’s risk assessment services are vital for us. The vendor helps us meet a major HIPAA requirement; they help us do risk-based analysis of our programs and figure out where we stand. Their overall assessments of the maturity of our programs are very useful. These assessments let my management see what we are doing, where our strengths are, and where we need to improve.

KLAS performance report
Cybersecurity Services 2018: Achieving Outcomes Through Healthcare Knowledge and Tailored Services
