Cybersecurity is Essential for Hospitals. We Help Hospitals Establish Cybersecurity Protocols and Protect Their Patient, Employee, and Business Data on an Ongoing Basis.
Hospital Consulting Team Lead – Timothy E. Allen | Former Special Agent (U.S. Secret Service & DOJ-OIG)
Aside from billing compliance, cybersecurity is perhaps the main issue that keeps hospital CEOs and compliance officers up at night. Cybersecurity is a constantly shifting target, and hospitals are particularly susceptible to malicious attacks due to the nature and volume of data they generate and store.
As a result of the risks of data breaches for hospitals, establishing and maintaining cybersecurity needs to be a top priority. Hospitals must implement physical and logical security protocols that are appropriate to the size and nature of their operations, and they must continuously assess and reassess their cybersecurity needs. As threats evolve, cybersecurity practices must evolve as well, and hospitals must be prepared to respond immediately at the first sign of a potential unauthorized intrusion.
Put our highly experienced team on your side
Roger Bach
Former Special Agent (OIG)
Timothy E. Allen
Former Senior Special Agent U.S. Secret Service
Chris J. Quick
Former Special Agent (FBI & IRS-CI)
Maura Kelley
Former Special Agent (FBI)
Ray Yuen
Former Supervisory Special Agent (FBI)
Michael S. Koslow
Former Supervisory Special Agent (DOD-OIG)
Marquis D. Pickett
Special Agent U.S. Secret Service (ret.)
Hospital Cybersecurity Consultants and Specialists with Former DHHS, FBI, and Secret Service Experience
At Corporate Investigation Consulting, we provide cybersecurity consulting services to hospitals nationwide. Our team includes former agents with the U.S. Department of Health and Human Services (DHHS), Federal Bureau of Investigation (FBI), and U.S. Secret Service who offer decades of experience in the cybersecurity arena. We have particular experience working with hospitals and other healthcare providers; and, as a result, we are uniquely attuned to the risks these entities face on a day-to-day basis.
Our cybersecurity consulting and internal audit services for hospitals include:
- General Cybersecurity Consulting – Consulting with regard to your hospital’s cybersecurity needs, the sufficiency of existing cybersecurity policies and protocols, and strategies for efficiently maintaining adequate cybersecurity.
- Cybersecurity Policy Development – Development of custom-tailored cybersecurity policies focused on protecting all data on your hospital’s hosted and managed platforms, including both policies for logical (digital) security and physical (premises) security.
- Cybersecurity Policy Implementation – Implementation of cybersecurity policies including, but not limited to, assisting with procurement, installation, integration, training, and enforcement.
- Penetration Testing – Testing existing or newly-developed cybersecurity protocols to assess their effectiveness, identify weaknesses, and determine what additional cybersecurity measures are necessary.
- Internal Cybersecurity Compliance Auditing – Auditing your hospital’s cybersecurity efforts on a periodic or ad hoc basis in order to assess internal compliance, identify new cybersecurity needs, determine when cybersecurity policy updates are required.
- Cybersecurity Breach Response and Defense – Assisting with all aspects of cybersecurity breach response and defense, including identifying the source of intrusion, breach notification, regulatory compliance, and litigation defense.
Regardless of your hospital’s needs, our former federal agents are able to assist. We can get to work immediately if necessary, and we can provide you with unwavering confidence that your hospital’s cybersecurity protocols are doing their job to protect your patient, employee, and business data.
FAQs: Hospital Cybersecurity Consulting and Internal Audits
Q: What are hospitals’ legal obligations with regard to cybersecurity?
Hospitals have a legal obligation to adequately protect their patients’ and employees’ confidential information. This includes all medical, credit, and employment data. What is “adequate” depends on a number of different factors, including the hospital’s financial resources and the volume of sensitive data it generates and stores.
When we work with hospitals to develop and update their cybersecurity programs, we take a comprehensive approach that involves assessing both what is necessary and what is feasible. We then consult with the hospital’s leadership team to determine their priorities and preferences, and then we provide recommendations for cybersecurity protocols that meet or exceed the hospital’s legal obligations.
Q: What are the key components of an effective hospital cybersecurity program?
An effective cybersecurity program will have several key components. This includes everything from password policies to firewalls, and from physical access restrictions to periodic penetration testing. Again, what is necessary for any particular facility will depend on various factors, and at Corporate Investigation Consulting we emphasize providing custom-tailored cybersecurity recommendations that are based on our clients’ specific needs.
Q: How often should hospitals update their cybersecurity policies and protocols?
This is a difficult question to answer, because there is not one single schedule that will work for every facility. Additionally, if a new threat arises, then it may be necessary to quickly implement an update regardless of when the most-recent cybersecurity risk assessment was performed.
As part of our cybersecurity consulting services, we provide ongoing advice regarding necessary updates to our clients’ cybersecurity programs. If your hospital’s data are at risk due to a new malware application, phishing scam, or other threat, we will let you know, and we will advise you accordingly.
Q: What do I need to do if my hospital’s cybersecurity protocols have been breached?
If your hospital’s cybersecurity protocols have been breached, there are several steps you will need to take right away. Most importantly, this includes determining whether the breach is ongoing. If it is, our cybersecurity specialists can identify the source of the intrusion and terminate the unauthorized access.
Once the tap has been closed, then it will be necessary to determine what data were compromised, and your hospital will need to execute an appropriate breach response. Depending on the circumstances of the breach, this may or may not include providing notice to regulators and affected individuals.
Q: How much should it cost to develop and implement an effective hospital cybersecurity program?
Due to the wide disparity in different hospitals’ needs, there is no set cost for an effective hospital cybersecurity program. At Corporate Investigation Consulting, we provide fully customized cybersecurity solutions, and this ensures that our clients’ costs remain as low as possible. To learn more about your hospital’s specific needs and get an estimate of the cost of establishing and maintaining adequate cybersecurity, contact us today.
Speak with a Senior Cybersecurity Consultant at Corporate Investigation Consulting
If you would like more information about our cybersecurity consulting and internal audit services, we invite you to speak with one of our senior consultants in confidence. To schedule a complimentary cybersecurity consultation at your convenience, please call 866-352-9324 or tell us how we can reach you online.