Protecting critical health information

Healthcare provider wanted a clear picture of their cybersecurity risks and a prioritised roadmap to secure their business

Background 

Our client was a high-profile healthcare provider seeking assistance with managing their cybersecurity risk to protect client information and mitigate both reputational and financial risks. KordaMentha was engaged to conduct an initial cyber security capability assessment of the client’s current security posture and identify any areas requiring improvement.

How we helped

As part of our on-site audit, we conducted interviews with key stakeholders from across the organisation, including responsible executives, the head of IT and the outsourced IT service provider. We also performed a review of the organisation’s policies and documentation, a technical review of its Microsoft Office 365 environment and an assessment of the security measures implemented and managed by its IT service provider. Our findings were reported using the ACSC Essential Eight Maturity Model, a standard recommended by the Australian Federal Government.

As well as presenting the findings of our assessment to the Board of Directors, KordaMentha provided a formal report which detailed our findings and recommendations regarding identified gaps. The report also provided a clear and prioritised roadmap that allowed the organisation to commence a security uplift that will reduce its current cybersecurity risk to an acceptable level.

Result

• We reviewed the security capabilities and maturity of a high-profile healthcare organisation, its key technical systems and its IT service provider. 

• We provided insight into our client’s business security risk and provided a clear, prioritised list of key recommendations, allowing them to remediate this risk to an acceptable level.