With a 37% increase in health care breaches, 85% of providers are prioritizing cybersecurity in 2017. Delivered and managed by seasoned technical experts, our 24-month centralized cybersecurity and compliance program helps Providers and Business Associates manage all things related to patient confidentiality.
Qualifications & Associations
Agio provides managed IT and cybersecurity services to firms at every stage, including technology hosting, monitoring, management, disaster prevention and recovery, managed security, cybersecurity consulting, and other high-end services.
Agio has been performing IT security assessments for nearly 20 years across many industries and to other exacting standards, in addition to HIPAA, such as ISO, GLBA, NIST, SOX, etc. Specifically, we have assessors and consultants certified by the HITRUST Alliance as Practitioners, both assessors and consultants certified by the Cloud Security Alliance, and Agio is also a Payment Card Industry (PCI) Qualified Security Assessor (QSA), with an additional five individual QSAs on staff.
It’s our technical background and detailed understanding of the healthcare industry first and foremost, as well as the other regulatory markets mentioned above, that guarantees you have a robust, effective cybersecurity partner who understands the what’s, why’s, and how’s of your compliance. There is no doubt, we’ve got you covered.
Every company subject to health care compliance requirements needs an experienced guide to help them navigate the regulatory waters, specific to their unique needs. With Agio Health Care Cybersecurity 360°, you get CISO-level advice from our most seasoned health care security experts to ensure you understand the nature of your environment against the backdrop of the healthcare regulatory and threat landscape. In your monthly check-ins, we sit down with you to discuss the best short term, tactical steps to take you from point A to point B, with your long-term security posture in mind. Beyond that, we’re available to attend any discussions with your vendors or other third parties to assure you know what is expected of your organization and why.
On top of this high level technical guidance, you’re assigned a committed Project Manager (PM) to keep you on schedule and on budget. Specifically, your PM oversees the milestones of your tailored program, reports on the status of ongoing or upcoming events and tasks, plans future work, and troubleshoots problems or issues that arise. They are your handler, as well as your wrangler to ensure you get what you need from the Program.
Our methodical commitment to habitual activities, which maintain compliance and fortify your cybersecurity defenses, has been architected to align with the HIPAA Security and Privacy Rules, NIST SP 800, HITRUST CSF, as well as other security best practices. While it’s typical to focus a high level of effort on compliance activities for a concentrated period of time, we spread those activities over the course of two years, so they become more manageable and less disruptive to your organization. Instead of having a steep climb to compliance every year, Agio Health Care Cybersecurity 360° manages the process for you, with a prescribed, yet digestible, level of steady effort. Even more importantly, by fitting into your existing security and compliance framework and augmenting the expertise and specific skills your firm already possesses, we form a custom partnership that maximizes your benefit.
We know what it takes to be compliant, and we know what it takes to maintain a robust security posture. This Program will get you there – on both fronts.
Our approach leverages years of both health care experience and security expertise to assist both providers and business associates in the industry with security and compliance initiatives. Specifically, Agio Health Care Cybersecurity 360° is a 24-month centralized cybersecurity and compliance program that includes:
Monthly status calls and oversight of your security program
Policy Review & Development
Security Risk Assessment
Social Engineering Tests
Coordination of Incident Response Planning & Testing
Security Awareness Seminar
Board & Executive Briefings
Why such a holistic and comprehensive methodology? Because the health care industry has its work cut out for it when it comes to cybersecurity. There are mounting risks tied to maintaining patient confidentiality and the integrity of clinical data. Technology advancements are making information exchange among health care providers easier, more flexible, and most notably, more “virtual.” And the proliferation of interconnected compliance requirements, comprising HIPAA, the Payment Card Industry (PCI), SOX, ISO, NIST, etc., results in a daunting regulatory matrix that is difficult for any non-dedicated, full-time staff to navigate.
Health Care Providers and Business Associates need a true 360° approach.
Agio Incident Response is a planned program designed for the unplanned. Over the course of 12 months we onboard, organize, prep and continually test your ability to respond when a breach happens. We get you, and keep you, battle-ready so that when an attack happens, we mobilize immediately and effectively, neutralizing the threat and containing your exposure.
Here’s what the program includes:
o Environment Discovery
o Data Mapping
o Incident Response Plan Development & Review
- Incident Response Policy
- Data Classification Policy
- Incident Response Procedure
- Incident Response Communication-Chain of Command Procedure
o Tactical/Operational Incident Response Tabletop Exercise
o Monthly Incident Response Readiness Review
o Quarterly Status Review (monthly for first three months after going live)
o Intelligence Briefings
o Cybersecurity Events & Incidents Statistics Review
o Annual Executive IR Tabletop Exercise
o Incident Response Annual Review & Report
o Red Team Security Assessment* (annually, if applicable)
It’s about practicing chaos. You’ll never be able to predict the specific type of breach your firm will ultimately fall victim to, but you can predict how you respond. And that response is comprised of the people you have in place, the processes you’ve implemented, and the technology that supports it all. How do these three facets interact with one another when tragedy strikes? Where are the loopholes, the gaps, and the ambiguity within your plan?
These are the details that, when left undiscovered, unremediated, and unrehearsed, create chaos on top of chaos for organizations.
We’re here to fix that. By proactively learning your environment, mapping what data lives where, reviewing your policies with a critical eye, and then practicing chaos, we improve your reaction to a breach. Your response goes from languid, haphazard and insufficient to immediate, efficient, and most importantly, effective.
It’s tempting to sit back and hope that a breach won’t happen. Or maybe when it does, that it’s not that bad. But when your company’s operations, reputation, and even your career are on the line, hope isn’t a strategy. Because even if the initial breach doesn’t bring down your environment, the longer the malicious activity goes undetected and unaddressed, the worse it gets. What may have started as a cybersecurity event can quickly escalate to an incident and a full-blown breach.
TIME IS MONEY
Then there’s the financials. Bringing in an Incident Response team only after a breach guarantees one thing: you’re going to pay. Why? Because the firm you bring in, even if they’re the best, doesn’t know your environment. They don’t know where your data lives; they don’t know how you collect and store that data (for analysis); they don’t know your policies; and they don’t know who’s involved in your Incident Response Plan. They’re flying blind, and it’s going to take them time to get up to speed. That’s time you’re paying for, and even more importantly, that’s time in which the breach is getting worse.
By investing proactively in an Incident Response service, you drastically reduce your time to resolution, which means less money out the door, less exposure and ultimately less damage. And you look good for preparing for the inevitable. You took chaos, mapped it, prepared for it, and even amortized it (i.e., the cost). Well played.