From Crisis to Resilience: Lawrence General Hospital’s Cybersecurity Transformation

A Pillar of Community Healthcare

For over 150 years, Lawrence General Hospital has been a pivotal part of the Merrimack Valley and Southern New Hampshire communities. As a private, nonprofit community hospital, Lawrence General provides exceptional care. Most recently, it expanded by acquiring Holy Family Health in Methuen and Haverhill, further solidifying its role as a leader in community healthcare.

Addressing Cybersecurity Vulnerabilities

In 2020, Lawrence General Hospital faced a significant ransomware attack during the SolarWinds global breach. The incident highlighted gaps in the hospital’s cybersecurity program, impacting both productivity and financial resources. The organization learned firsthand the importance of investing proactively in cybersecurity measures.

With limited internal cybersecurity expertise and increasing threats, Lawrence General Hospital needed a partner to help establish a comprehensive, proactive security program.

Building a Resilient Cybersecurity Program

Lawrence General Hospital partnered with Fortified Health Security to develop and expand its cybersecurity program. Starting with immediate incident response and remediation following the attack, Fortified worked closely with hospital leaders to build a tailored and collaborative solution:

• Centralized Command and Visibility: Fortified’s Central Command platform became a game-changer for the hospital, providing real-time alerts, reports, and the ability to take immediate action via mobile devices.
• Proactive Security Controls: Initiatives included endpoint hardening, implementing SentinelOne, establishing a Security Information and Event Management (SIEM) system, and integrating a 24/7 Security Operations Center (SOC).
• Continuous Growth: Lawrence General Hospital engaged in annual penetration testing, patching programs, and incident response tabletop exercises to ensure an ever-improving security posture.
• Virtual CISO (vCISO) Services: Fortified provided expert leadership through a dedicated vCISO, collaborating weekly with the hospital’s internal team to refine strategies and implement best practices.

Results That Matter

1. Enhanced Cybersecurity Maturity: Since partnering with Fortified, Lawrence General Hospital has significantly matured its cybersecurity program. Regular cadence meetings, proactive initiatives, and cutting-edge tools ensure a fortified defense against emerging threats.
2. Improved Incident Response and Recovery: The collaboration enabled the organization to recover swiftly from incidents and implement measures to prevent future disruptions.
3. Operational Efficiency: Central Command streamlined operations, consolidating tools and services into a single platform accessible on the go.
4. Cost Savings: By investing proactively, the hospital reduced its cyber insurance premiums by 15% while achieving better protection and ROI.
5. Healthcare-Specific Expertise: Fortified’s focus on healthcare ensured tailored solutions addressing Lawrence General Hospital’s unique challenges, including patient safety and medical IoT security.

A Partnership That Protects and Strengthens

Lawrence General Hospital’s partnership with Fortified Health Security exemplifies the power of collaboration in healthcare cybersecurity. Together, they’ve built a resilient program that prioritizes patient safety, operational continuity, and financial efficiency.

“Fortified is not just outsourcing; it’s an actual collaboration where we grow and strengthen together.” – John Mourikas, Director of Information Technology