Healthcare (US)
Cyber Stoics was engaged by a highly respected regional hospital with over 100 locations to perform a comprehensive vulnerability assessment of all aspects — people, processes, and technology — of its information security program. This hospital had a strong internal information technology and information security team and was in need of an independent external validation to identify any gaps in technology or operations.
For organizations that deal with protected classes of data, specifically HIPAA-protected data including health, treatment, and payment information, an often-overlooked challenge is providing secure remote access for a vulnerability assessment. Traditional VPN solutions often include packet filtering, NAT, and other security measures that can conceal vulnerabilities.
The Cyber Stoics Wormhole (banana for scale)
To address this concern, we have developed the Cyber Stoics Wormhole, a portable, self-contained computing device that allows our team to perform high-quality remote vulnerability assessments with the same level of access as would be granted if our team were to physically travel to the client site. The Wormhole devices allow all client data to be examined on-device, so no PHI ever leaves the client’s facility. The devices are fully encrypted, with separate boot and data drives to allow for strong full-disk encryption.
At the conclusion of the assessment, we will remotely wipe all of the Wormhole’s data drives and provide a certificate of destruction. Our clients are able to wipe the devices in-house if desired by the infosec team or mandated by policy.
Our assessment surfaced several covert attack paths hidden deep within the organization’s Active Directory environment. As in most organizations that have been using Active Directory since its introduction in the late 90s, legacy and leftover configurations persisted in AD and, if identified by threat actors, could be leveraged to escalate permissions if a foothold into the organization was found. We also identified a number of additional gaps in controls, governance, and operations.
Our comprehensive report, which was written to be understandable by business leaders yet useful to security engineers, network administrators, and the technology leadership, presented our findings and a list of prioritized recommendations. Our recommendations addressed gaps in technology operations and highlighted areas in which some external security vendors could do better.
We were retained by this client as Virtual CISO in order to help nurture that newly formed information security committee, provide input on technical challenges, coordinate disaster and emergency response services, guide the organization through its complex contractual and regulatory compliance environments, and more. We’ve had the opportunity to share our extensive experience in help desk services, network engineering, and Linux system administration to fill in skills gaps where needed so that security projects did not have to be put on hold while, for example, a Red Hat Linux engineer or Salesforce developer could be hired. We’re able to bring these skills to the table as part of our Virtual CISO services, allowing our clients to quickly, effectively, and competently complete those technical tasks which are often needed to advance mission-critical information security projects.
Contact us today to find out how Cyber Stoics can help your organization’s information security program thrive.