A nationally recognized healthcare provider had a business-impacting breach. Once mitigation was complete, they determined they needed to assess the business and apply a Risk Management Framework.

  • Regionally distributed clinics don’t appreciate the need for RMF or security
  • IT team doesn’t have the time or capability to address control requirements
  • Overall, the provider didn’t know how to act or where to start

Initial Approach
  • Perform security testing and full NIST CSF assessment
  • Collect the results and create a formal report
  • Identify the control gaps to be remediated
  • Create a roadmap to address control gaps

Adjusted Approach
  • Apply the identified control gaps to HITRUST readiness
  • Gamify the process of readiness using a concept that resonates with the audience
  • Publish the results monthly
  • Educate the IT team as the readiness progresses

  • Successfully integrated initial NIST gaps into HITRUST readiness
    • Easy alignment between frameworks
  • Designed and rolled out internal education / engagement
    • Using gamified approach and structure that resonated
    • Conducted readiness leading to validated assessment
  • Gained the Board of Directors' support for the project
    • Leveraging HITRUST capabilities and approach to the industry
  • Conducted HITRUST validated assessment
  • Instituted a continuous improvement process and governance to continue to address changes in cybersecurity and regulatory landscapes

Key Success Factors
  • Addressing client challenges using HITRUST readiness as a gamified activity to engage employees
  • Working with the client to sell HITRUST and the approach
  • Leveraging HITRUST announcements and improvements to demonstrate the industry-leading approach

