Working with a healthcare client, DXC Technology has put in place a program designed to help achieve cyberconfidence. By moving to an active approach to cybersecurity awareness and response, this client is delivering benefits both to their organization and to patients.
Challenge:
Cybercrime is a major threat to the security of healthcare organizations.
Inevitably, the growing use of technology in healthcare means an increased risk of cybercrime. Research suggests that cybercriminals explicitly target healthcare organizations, with the intent of stealing medical records, credit card details and Social Security numbers. Every year, over three-quarters of healthcare organizations experience some kind of data breach or security incident, potentially exposing them to reputational damage, loss of intellectual property and, most importantly, the loss of patient data.
This client, a large healthcare provider in North America, faced increasingly sophisticated attacks from cybercriminals and looked to DXC to help employ the latest technologies and practices to protect it.
Solution:
Moving beyond the classic risk assessment.
Staying ahead of cybercriminals requires active effort; simply focusing on compliance is no longer enough. DXC helped this client achieve cyberconfidence through an active program addressing the risks of data security, patient harm, reputational damage and financial loss, as well as delivering regulatory compliance.
For this healthcare client, moving beyond basic risk assessment to strengthening the security of operations meant three things:
- Understanding and defining areas of exposure, and putting in place remediation plans
- Focusing on policies and procedures that embed security into the client's operations
- Using a security roadmap to inform long-term organizational decisions
DXC’s program included an in-depth discovery engagement focused on five workstreams: security readiness; policies, procedures and guidelines; information security awareness; information assets; and data protection. Throughout the effort, DXC employed the latest emerging standards from organizations and frameworks such as the HITRUST Common Security Framework, HHS, ISO 27001:2005, ISO 27002:2005 and NIST.
Results:
Building on the findings from these workstreams, DXC and the client identified priority activities with the aim of delivering security and compliance at the lowest cost and performance impact. The relationship is now evolving towards providing managed security services through one of DXC’s global security operations centers (SOC).