case studies
Healthcare
HomeCase Studies → Realtime Access to PHI & PII Is Not Always a Good Thing

Realtime Access to PHI & PII Is Not Always a Good Thing

Threat Landscape

The healthcare industry is a ripe target for cyber criminals. The digital exchange of patient information means massive amounts of personal health information (PHI) and personal identifiable information (PII) are constantly passed across devices and networks. Patients demand instant access to their medical information and appointments. On top of this, the industry is heavily regulated with complex compliance requirements. All of this poses a very acute cyber security risk.

Challenge

A system of hospitals and healthcare providers with locations spread over a wide area was struggling with physical and information security-related challenges. The organization needed to protect patient information better. Physicians’ need for remote, mobile access to confidential medical records was producing overwhelming cyber risk. So was the need to maintain distinct sources of confidential information with varied governance processes.

Solution

We know the healthcare industry. This knowledge allowed us to effectively work up and down the organization, from the board to the physician network, to identify and reduce their existing cyber risk. We conducted a thorough security assessment to gain insight into the organizational culture, security governance, business practices, and the physical security of information assets. With this understanding, we provided remediation steps, from how to fortify perimeter defenses to improving communication channels and building employee and physician cyber threat awareness, and developed an information security policies and standards program.

Results
  • Fortified the security of patient information, always at risk of theft due to healthcare’s operating environment
  • Aligned the organization’s risk tolerance with regulatory demands to deliver a strategic cyber security plan
  • Improved the internal reputation of the company’s security team and limited the risk for a future incident

Let us be your security partner. Explore more here.



Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.


Copyright 2021 Aon plc. All Rights Reserved.


Copyright 2021 Aon plc. All Rights Reserved.
Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.