Case Study
As a mid-size community hospital, King’s Daughters had undergone unexpected resource losses, resulting in a void of key personnel and an inability to recruit and rehire top-tier security talent in the foreseeable future. King’s Daughters had recently lost its CISO to a larger academic center. Recruiting a new one proved difficult due to salary expectations in a volatile security market.
Additionally, the organization had already made significant investments over the past three years, including updating the security strategy, change management, alerting, investigations and reporting.
Leaders considered accepting candidates with related but not exact experience, but there was the risk that lack of expertise might leave the organization vulnerable. Subsequently, they explored the possibility of an outside partnership.
King’s Daughters realized that an industry-proven partner was needed to help mitigate the CISO resource void; reliably identify, prioritize, manage, and mitigate security risks (administrative, physical, and technical) across the organization; and streamline the Risk Management process.
Fortified Health Security’s Virtual Information Security Program (VISP) Services worked in collaboration with King’s Daughters’ C-Suite, IT, Clinical, and Compliance departments to implement a focused HIPAA Risk Analysis process that assessed the top risk areas in the client’s healthcare enterprise.
Within this structure, a vCISO reports “solid line” to the CEO and “dotted line” to the CIO. Fortified acts as an advisor, providing risk assessment (new and existing systems) and subject matter expertise while directing IT security resources to accomplish approved security efforts.
The process included:
Fortified Health Security assisted King’s Daughters in strengthening its HIPAA security and compliance program through our VISP services.
Benefits to date include:
Through this streamlined and innovative relationship with Fortified’s VISP services, King’s Daughters was able to meet their immediate HIPAA Security Compliance requirements and fill the CISO resource void, as well as bolster their enterprise security environment above and beyond the minimum checklist requirements while providing consistency within the Information Security domain.
“Fortified Health Security’s vCISO worked very closely with our team to establish an innovative Security Risk Management process tailored perfectly to our unique environment and needs,” says Ebaugh. “Their VISP alignment around mitigating risks without over-architecting or overselling our needs has been invaluable to us in this process.”
© Copyright 2024 Fortified Health Security, Inc. All rights reserved.