Securing Patient Data and Safety,
Making Regulatory Compliance Easier

Cybersecurity impacts business risk, patient safety, & privacy

Cybersecurity Services

Cybersecurity Assessments
We conduct adversarial-based assessments designed to find holes in your defenses, demonstrate their potential business impact, and show you how to close them.

Learn More
Remote Access Security Assessments
Tangible Security will assess the implementation of systems and procedures deployed for your growing remote workforce to identify weaknesses, provide recommendations to remediate those risks, and provide peace of mind that organizations are protecting both their data as well as the data of their clients.

Learn More

Product Security Services

Mobile Application Security Assessments
Tangible Security provides a thorough look into the security of your Andriod or iOS mobile applications – ensuring that risks are identified, and your data is safe. Tangible will identify, contain, and remediate vulnerabilities before an attacker can discover and exploit them.

Learn More
Web Application Security Assessments
Our testing team will provide a current snapshot of the security posture of specific website(s). Our goal is to identify, contain, and remediate any exploitable vulnerabilities that can be fixed before an attacker can discover and utilize them for further attack.

Learn More
Product Security Assessments
Using a range of unique penetration testing tools for testing connected devices, Tangible's product security testing mimics real-world hacking tactics and techniques that uncover hidden vulnerabilities in your device or application and provide realistic insights and practical results.

Learn More
SDLC Services
We help clients overcome the challenges of implementing secure development lifecycle (SDLC) best practices as well as provide professional services that supplement your development teams with hard-to-find special skills and 3rd party independent reviews.

Learn More

Security Consulting

Security Program Assessments
Using standards such as NIST, ISO, and COBIT as a starting framework, Tangible will work with you to examine the quality and effectiveness of your program, identify and understand weaknesses and vulnerabilities, and evaluate your readiness to defend and respond to today’s cyber threats.

Learn More
Security Awareness Training
We help transform your employees from unwitting targets to human firewalls. They become obstacles to hackers rather than conduits. The initial testing, training, and ongoing testing combine to not only elevate your users’ preparedness but sustain and institutionalize it.

Learn More
Virtual Cybersecurity Office (vCSO)
Clients receive fixed number of consulting hours per month with seasoned executives and technical specialists to help assess, prioritize, plan, and/or execute their security program.

Learn More


ProV Software
Software that auto-provisions (and de-provisions) Active Directory user accounts for people with trusted smart cards so they can instantly get to work within your Windows network.

Learn More

Cybercrime & digital complexities
elevate patient safety & privacy issues to ever higher risk levels

Patient electronic health records are worth ten times more than credit card numbers

Ransomeware extortionists are targeting healthcare providers

IT & Operational Security

Complexity, scale, and constant-change amplify cyber risks for interconnected healthcare systems.

Skilled and experienced cybersecurity personnel are scarce and costly

Healthcare cybersecurity programs are complex

Seemingly avoidable data breach causes continue to plague the industry

Mobility in healthcare increases attack surface

Identification, containment, & response to incidents must be rapid and decisive

Patient safety, privacy, & data security are often at odds

Ongoing infrastructure tests to identify vulnerabilities seldom find nothing

IoT & ICS Security

Network-connected medical devices deployed in clinical environments greatly increase the attack surface.

Medical device manufacturers need to add security testing into development lifecycle

Hospitals need to identify vulnerabilities of connected devices

Responsibility falls on both the device manufacturer and the healthcare providers

Hospitals are subject to ICS and SCADA mandates

Providers must ensure security throughout their supply chain

Regulatory Requirements and Mandates

Regulations as well as legal and financial penalties never seem to stop evolving.

HIPAA mandates that providers maintain adequate and up-to-date risk assessments

The entire supply chain of business associates & suppliers falls under OmniBus Rule

The HITECH Act mandates timely reporting of protected health information (PHI) breaches of 500 records or more

Compliance does not equate to security

Failure to comply with HIPAA and PCI requirements results in fines, legal entanglements, loss of patient trust, & more

The FDA views cybersecurity risks just as seriously as defective product risks

The Threats and Consequences are Real

Anthem — 78.8 million records — February 4, 2015 — Unauthorized database access, attacks may be linked to a state-sponsored attack out of China

Anchorage Community Mental Health Services (ACMHS) — December 2014 — 2,743 records — $150,000 fine — Due to malware compromising the security of its information technology resources, failing to regularly implement available patches and for running outdated, unsupported software

New York Presbyterian Hospital and Columbia University — May 2014 — 6,800 records — $4.8 million fine — Due to lack of technical safeguards, server deactivation resulted in ePHI being accessible on Google

Premera — 11 million records — January 29, 2015 — Attacks may be linked to a state-sponsored attack out of China

Parkview Health System, Inc. — June 2014 — 5,000 to 8,000 records — $800,000 fine — Cardboard boxes of these medical records left unattended on the driveway of a physician’s home

Concentra Health Services — April 2014 — 870 records — $1.73 million fine — Failed to manage encryption policies, identify which assets needed to be encrypted and document why encryption was not reasonable for certain cases