Healthcare provider systems are often proprietary, requiring unique industry-specific tools and skillsets to analyze and secure. We have leveraged our relationships to cover the core areas of the attack surface in which many healthcare organizations are targeted. These include:
MedSec has developed multiple solutions that include internally developed patches, dynamic networking policy tools, strategies to contain compromised devices, and other innovations to work around innate medical device limitations. These measures are required to reach the threshold of deterrence for an attacker who has gained access to internal healthcare systems.
Penetration testing will help identify, and remove, opportunity/attack vectors available to attackers who are targeting an organization. MedSec works with healthcare providers to address results via standard and custom penetration test fixes.
Once an environment is compromised, an attacker’s attention will often turn to sensitive data, with the following actions:
MedSec works with healthcare providers to reproduce these actions and limit exposure. MedSec's services, delivered in conjunction with penetration testing services or independently, can help healthcare providers lock down sensitive data environments and test the effectiveness of their protection capabilities such as data loss prevention systems.
For institutions interested in greatly reducing and eliminating the likelihood of a breach, we offer a MedSec security maturity review.
This is a tailored healthcare-specific security review that follows the NIST Cyber Security Framework and BSIMM Methodologies.
The BSIMM covers 12 areas of practice around software security:
|Governance||Intelligence||Secure Software Development Lifecycle||Deployment|
|Strategy & Metrics||Attack Models||Architecture Analysis||Penetration Testing|
|Compliance & Policy||Security Features and Design||Code Review||Software Environment|
|Training||Standards and Requirements||Security Testing||Configuration Management and Vulnerability Management|
MedSec has partnered with leading managed security and security monitoring technology solutions providers to offer 24/7 monitoring solutions, spanning: