Story of an IT compliance project


A hospital group was looking for outside assistance after suffering a very public breach of HIPAA-protected data, and subsequently realizing it was not meeting the requirements of PCI DSS 3.1.

Our Threat Mitigation Team met with their internal IT staff and determined that, while a recent HIPAA audit had given them remediation steps, the internal team lacked the time to oversee the remediation project, and executives were concerned that the deadline for fixing the issues would be missed. Further, it was unclear whether the PCI Cardholder Data Environment (CDE) had been accurately re-scoped after many network changes.

The client had several key objectives for this project:

  • Confirm current scope of the PCI Cardholder Data Environment
  • Create a Prioritized Approach plan for remediation
  • Provide ongoing support for project management and remediation assistance

A PCI DSS Gap Assessment confirmed the current Cardholder Data Environment and the specific requirements that were not being met. Confirming scope first matters because any system that stores, processes or transmits cardholder data, or that can affect the security of the CDE, is in scope, so undocumented network changes can silently expand it. The assessment produced a prioritized remediation list whose items could then be assigned to the hospital’s internal teams based on the expertise or systems involved.

Through an ongoing Security and Compliance Advisory service with Foresite, the client’s staff can outsource project oversight and draw on specialists they do not need full time but who are required for parts of the remediation, such as Payment Card Industry Qualified Security Assessors (PCI QSAs), firewall security specialists, and Healthcare Information Security and Privacy Practitioners (HCISPPs).

The Advisory agreement is flexible: resources can be scheduled for specific projects or used as needed for:

  • HIPAA/PCI Consulting & Remediation
  • Penetration testing and vulnerability scans
  • Assistance with completing compliance documentation
  • 3rd party vendor or solution evaluations
  • Incident response from an outsourced Security Operations team
