[Infographic: compromised health records; incidents; percentage due to hacking attacks]

Cybersecurity impacts business risk, patient safety, & privacy

Cyber Security Assessments

We conduct adversarial assessments designed to find holes in your defenses, demonstrate their potential business impact, and show you how to close them.


Virtual Cyber Security Office (vCSO)

Clients receive a fixed number of consulting hours per month with seasoned executives and technical specialists who help assess, prioritize, plan, and/or execute their security program.


Managed DeceptionGrid

Instead of sifting through mountains of data and numerous false positives to detect intruders within your enterprise, our ethical hackers, who understand intruders' methods and tactics, deploy and monitor a grid of virtual traps. No legitimate user has any reason to touch a trap, so intruders unknowingly reveal themselves the moment they do, and we can help you contain and root them out.
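The detection logic behind a trap grid is simple enough to show directly. The following is an added example, not code from the original page or from Tangible Security: it assumes a constructed inventory of decoy hosts, accounts and file shares, a constructed single-line log format ("timestamp source action key=value ..."), and a handful of constructed log lines. Any line that touches a decoy becomes an alert with no threshold or tuning, and every flagged source is then widened to all of its activity, decoy or not, to scope containment.

```python
"""Decoy-aware log triage: flag any access to assets that exist only as traps.

Added example; not code from the original page or from Tangible Security.
The decoy inventory, log format and log lines below are all constructed for
illustration. A real deployment would take the decoy list from the deception
platform and the log stream from the SIEM.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Constructed decoy inventory. Nothing legitimate should ever touch these,
# so a hit is a high-fidelity signal rather than a noisy heuristic.
DECOY_HOSTS = {"10.20.5.77": "fake-PACS-archive", "10.20.5.78": "fake-file-server"}
DECOY_ACCOUNTS = {"svc_backup_old", "radiology_admin"}
DECOY_SHARES = {r"\\FS-LEGACY\Billing2009"}

# Constructed log format: "<timestamp> <source> <ACTION> key=value ..."
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<action>\w+) (?P<detail>.*)$")

# Constructed sample log lines: one host probes three decoys, another behaves normally.
SAMPLE_LOG = [
    "2015-03-02T02:13:55Z 10.20.9.14 DNS query=fs-legacy.hosp.internal",
    "2015-03-02T02:14:07Z 10.20.9.14 CONNECT dst=10.20.5.77 port=445",
    "2015-03-02T02:14:09Z 10.20.9.14 LOGON user=svc_backup_old result=failure",
    r"2015-03-02T02:15:01Z 10.20.9.14 SMB share=\\FS-LEGACY\Billing2009 op=list",
    "2015-03-02T02:15:30Z 10.20.3.8 LOGON user=nurse.jlee result=success",
    "2015-03-02T02:16:02Z 10.20.3.8 CONNECT dst=10.20.5.10 port=443",
]


@dataclass
class Alert:
    ts: str
    src: str
    trap: str
    action: str
    detail: str


def _trap_for(detail: str) -> Optional[str]:
    """Name the decoy a detail string touches, or None if it touches none."""
    fields = dict(kv.split("=", 1) for kv in detail.split() if "=" in kv)
    if fields.get("dst") in DECOY_HOSTS:
        return DECOY_HOSTS[fields["dst"]]
    if fields.get("user") in DECOY_ACCOUNTS:
        return "decoy-account:" + fields["user"]
    if fields.get("share") in DECOY_SHARES:
        return "decoy-share:" + fields["share"]
    return None


def triage(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per log line that touches a decoy; ignore everything else."""
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: not silently treated as benign in a real pipeline
        trap = _trap_for(m.group("detail"))
        if trap is not None:
            alerts.append(Alert(m.group("ts"), m.group("src"), trap,
                                m.group("action"), m.group("detail")))
    return alerts


def suspects(alerts: Iterable[Alert]) -> Dict[str, List[str]]:
    """Source addresses that touched at least one trap, with the traps each hit in order."""
    out: Dict[str, List[str]] = {}
    for a in alerts:
        out.setdefault(a.src, []).append(a.trap)
    return out


def related_activity(lines: Iterable[str], sources: Set[str]) -> List[str]:
    """Everything the flagged sources did, decoy or not, to scope containment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and m.group("src") in sources:
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.src} touched {a.trap} via {a.action} ({a.detail})")
    who = suspects(found)
    for src, traps in who.items():
        print(f"contain {src}: {len(traps)} trap hits; full activity follows")
        for line in related_activity(SAMPLE_LOG, {src}):
            print("   ", line)
```

The design point is that the decoy list, not a statistical model, is the detector: because a decoy has zero legitimate use, the only false positives come from inventory mistakes (a decoy address later reassigned to a real system), so the inventory itself has to be kept in sync with the environment.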

Threat Emulation

Professional ethical hackers lead customers through "War Games" that cover likely enterprise cyber incident scenarios. This two- to three-day program begins with training, follows the next day with realistic field simulations, and wraps up with an assessment of how the customer's operations performed during the simulations.

Secure Product Testing

Ethical hackers from Tangible Security determine what harm can be done to your business interests when cyber criminals, hacktivists, and/or nation-state actors target your new or existing product. We provide you a prioritized, detailed findings report with recommendations.

SDLC Services

We help clients overcome the challenges of implementing secure development lifecycle (SDLC) best practices, and we provide professional services that supplement your development teams with hard-to-find specialist skills and independent third-party reviews.

PCI Services

A certified Qualified Security Assessor (QSA) and cyber security engineers help small and large retailers navigate the complexities of PCI DSS, find the most cost-effective means to achieve and maintain compliance, and protect their earnings and reputation.

SIEM

From the team that wrote the first major book on Security Information and Event Management (SIEM) systems, our engineers help clients with selection, integration, tuning, and operation of the SIEM best suited to their needs.

Cyber crime & digital complexities elevate patient safety & privacy issues to ever higher risk levels

Patient electronic health records are worth ten times more than credit card numbers

Ransomware extortionists are targeting healthcare providers

IT & Operational Security

Complexity, scale, and constant change amplify cyber risks for interconnected healthcare systems.

Skilled and experienced cybersecurity personnel are scarce and costly

Healthcare cybersecurity programs are complex

Seemingly avoidable data breach causes continue to plague the industry

Mobility in healthcare increases attack surface

Identification, containment, & response to incidents must be rapid and decisive

Patient safety, privacy, & data security are often at odds

Ongoing infrastructure tests to identify vulnerabilities almost always turn something up

IoT & ICS Security

Network-connected medical devices deployed in clinical environments greatly increase the attack surface.

Medical device manufacturers need to build security testing into their development lifecycle

Hospitals need to identify vulnerabilities of connected devices

Responsibility falls on both the device manufacturer and the healthcare providers

Hospitals are subject to ICS and SCADA mandates

Providers must ensure security throughout their supply chain

Regulatory Requirements and Mandates

Regulations as well as legal and financial penalties never seem to stop evolving.

HIPAA mandates that providers maintain adequate and up-to-date risk assessments

The entire supply chain of business associates & suppliers falls under the HIPAA Omnibus Rule

The HITECH Act mandates timely reporting of protected health information (PHI) breaches; breaches affecting 500 or more individuals must be reported to HHS and the media without unreasonable delay, while smaller breaches are logged and reported annually

Compliance does not equate to security

Failure to comply with HIPAA and PCI requirements results in fines, legal entanglements, loss of patient trust, & more

The FDA views cybersecurity risks just as seriously as defective product risks

The Threats and Consequences are Real

Anthem — February 4, 2015 — 78.8 million records — Unauthorized database access; the attack may be linked to a state-sponsored group out of China

Anchorage Community Mental Health Services (ACMHS) — December 2014 — 2,743 records — $150,000 fine — Malware compromised its information technology resources; ACMHS had failed to regularly implement available patches and was running outdated, unsupported software

New York Presbyterian Hospital and Columbia University — May 2014 — 6,800 records — $4.8 million fine — Lack of technical safeguards: an attempt to deactivate a server resulted in ePHI becoming accessible through Google

Premera — January 29, 2015 — 11 million records — The attack may be linked to a state-sponsored group out of China

Parkview Health System, Inc. — June 2014 — 5,000 to 8,000 records — $800,000 fine — Cardboard boxes of paper medical records were left unattended in the driveway of a physician's home

Concentra Health Services — April 2014 — 870 records — $1.73 million fine — Failed to manage encryption policies, identify which assets needed to be encrypted, and document why encryption was not reasonable in certain cases