Advance & Protect Your Business: Next Generation Security & Technology Leadership

Healthcare digital agendas are pushing the limits of what is possible. Every stage and initiative of your transformational journey must account for security, privacy and enterprise risk. First Health is unique in its combination of risk-centric talent that understands digital health, clinical impact, and the business of healthcare, bringing executive-level acumen together with top enterprise risk management and platform expertise to serve health and care entities.

 

Executive Leadership Programs

Cyber Insurance Renewal & Readiness Assessment

Cyber insurance policies are quickly becoming more difficult to obtain, rates are higher, and premiums are inadequate for the risks assumed.   First Health knows what carriers are asking for and what you need to do to prepare for policy renewal.  Our policy experts work with your team to position your organization for the best outcomes and coverage based on your requirements.

  • Provides expert CISOs and security leaders with many years of experience with Cyber renewals
  • Experience with responding to cybersecurity questions from carriers
  • Provides advice and guidance on must-have security capabilities to be insured
  • Experts that keep up to date on the latest changes in the cyber insurance market and requirements
  • Helps the organization develop a roadmap and alignment to ensure success with future renewals and applications for insurance

Executive Leadership Programs

CISO Strategy & Support

The demands of healthcare security tax even the most accomplished CISOs and mature enterprise risk programs, underpinning a need to bolster security executive know-how in important initiatives. First Health has tenured CISOs and seasoned executives with deep healthcare security, privacy, compliance, and enterprise risk management experience who bring the passion and focused work ethic our clients demand in governing and improving hygiene at healthcare entities. Our CISO Strategy and Support services provide the experience to take on overflow projects and initiatives that the CISO and the organization need to move forward, keeping security programs up with evolving threats and improving hygiene across the enterprise.

  • Provides CISO support services right sized and within budgetary goals
  • Assists with governance and planning with leadership
  • Aligns the business with IT, digital health, and cybersecurity and business objectives
  • Provides strategic guidance and support at all leadership and board levels
  • Advises the organization on governance, portfolio, risk management and risk reduction strategies
  • Addresses many challenges including talent, retention, and costs of hiring executive talent

Executive Leadership Programs

Full Time & Fractional CISO (vCISO)

Not all healthcare organizations have a full-time CISO or security-focused leaders, and many organizations run into situations where temporary or short-term leadership experience is needed to help advance strategies and risk reduction programs. First Health has tenured CISO leaders and seasoned risk management executives with deep healthcare security, technology, and digital health experience who bring the passion and work ethic our clients demand in governing and securing healthcare. Our Full Time and Fractional vCISO leadership services enable your organization to select the appropriate amount of consulting needed to meet your budgetary goals while keeping your security and privacy agendas and programs moving in the right direction.

  • Provides full time, temporary, and fractional vCISO services right sized and within budgetary goals 
  • Assists with governance and planning with leadership 
  • Aligns the business with IT, digital health, and cybersecurity and business objectives 
  • Provides strategic guidance and support at all leadership and board levels 
  • Advises the organization on governance, portfolio, risk management and risk reduction strategies 
  • Addresses many challenges including talent, retention, and costs of hiring executive talent 

Executive Leadership Programs

Security Product Strategy & Portfolio Management

Health entities have invested heavily in security technology to support enterprise risk goals, protect patients, protect assets, maintain confidentiality and privacy, and be prepared for future growth. Managing and evaluating what you have, and whether there are more effective and less expensive tools, to ensure your organization's risk posture and tolerance are aligned with budget is a significant endeavor. The talent, technologies, and processes that must be well understood to inform Risk Management Governance & Portfolio Management require executive security knowledge in a wide breadth of healthcare business, IT, framework, and risk management domains. First Health is a leader in guiding healthcare entities in targeted product and portfolio management initiatives designed to deliver safer care, more efficiently.

  • Provides a seasoned executive security leader well versed in existing and emerging platforms and tools
  • Leadership and guidance in evaluating current state technology portfolio gaps or bloat
  • Programmatic enhancements to streamline budget, Governance and business alignment
  • Recommendations and operationalizing desired structural enhancements, process changes, and contractual posture

Executive Leadership Programs

CIO/CDO & Digital Health Executive Strategy & Support

Digital agendas of today are overwhelming health IT leaders across the board. CIOs and CDOs are in need of experienced leaders to support and guide key programs and initiatives that have stalled or just have not kicked off due to a myriad of competing priorities. First Health has tenured CIOs and seasoned Digital Health executives with deep healthcare Governance, strategic, budgetary and platform experience who bring the passion and focused work ethic demanded by our clients in an ever-evolving technology landscape. Our CIO/CDO Strategy and Support services provide the experience to take on overflow projects and initiatives that Digital Health leaders and the organization need to move forward, keeping high-investment, high-visibility programs on track.

  • Provides CIO/CDO support services right sized and within budgetary goals
  • Assists with governance and planning with leadership
  • Aligns the business with IT, digital health, and cybersecurity and business objectives
  • Provides strategic guidance and support at all leadership and board levels
  • Advises the organization on governance, portfolio, enterprise risk management and budgetary strategies
  • Addresses many challenges including talent, retention, and costs of hiring executive talent

Executive Leadership Programs

Digital Health Governance & Portfolio Management

Health entities are reimagining digital transformation to support enterprise goals, maintain competitive advantages, and ensure budget is allocated to efficient and risk-mitigating endeavors. The talent, technologies, and processes that must be well understood to inform Digital Health Governance & Portfolio Management require executive acumen in a wide breadth of healthcare business, IT, and risk management domains. First Health is a leader in guiding healthcare entities in targeted Digital Health Governance & Portfolio Management initiatives designed to deliver better care, more efficiently.

  • Provides a seasoned executive leader with multi-faceted Digital Health experience
  • Leadership and guidance in evaluating current state Governance and Portfolio gaps or bloat
  • Programmatic enhancements to streamline Governance and business alignment
  • Recommendations and operationalizing desired structural enhancements, process changes, and contractual posture

Strategic Programs

Enterprise IT Security Risk Assessment

Healthcare is constantly under the threat of a security attack from all directions and can no longer rely on a single point-in-time snapshot measurement of security risks to their organization’s digital assets.  As a result of the constantly changing security threat landscape, each organization must enable a continuous security program actively identifying and reducing security risks in their always expanding network-connected asset realm.

First Health’s continuous Enterprise IT Security Risk Assessment and Engineering program services efficiently, effectively, and continuously identify security risks to your healthcare organization while working with the organization’s IT department to plan, prioritize, and implement risk-reducing solutions resulting in a constant cycle of securing your network connected digital assets.

  • Improve security, privacy, and overall risk management maturity and capability while having confidence in compliance alignment
  • Network and Remote Access, Server Management, End-User, Vulnerability Management, Data-Management, 3rd Party and Supply Chain Risk, Medical Device, E-Mail Protection
  • Incident Response, Business Impact Analysis, Legal/Compliance, Facilities, and major platform risk (EHR, ERP)
  • Governance, Risk Analysis, Personnel evaluation and roles, and leadership reporting

Strategic Programs

405(d) & NIST Cybersecurity Framework (CSF)

Assess a healthcare organization’s ability to accelerate a prescriptive and targeted approach to the five biggest risks in healthcare, the 10 leading practices, and the 23 control surfaces that maximize your investments in security capability and maturity. First Health advisors are experts on HICP 405(d) practices and benefits.

  • The BIG 5: Accelerate cyber threat action and capability targeting:
    • Ransomware
    • Loss or Theft of Equipment or Data
    • Insider, Accidental, or Intentional Data Loss
    • Attacks Against Medical Devices
    • Social Engineering
  • Top 10 Security Risks Reduction Program:
    • Email and Endpoint Protection Systems
    • Access Management and IT Asset Management
    • Data Protection and Loss Prevention
    • Network and Vulnerability Management
    • Incident Response
    • Medical Device Security
    • Cyber Policies
  • Map findings and requirements to the 23 control surfaces that result in the biggest risk impact

Strategic Programs

Data Privacy & Visibility Program

The privacy of healthcare patient, employee, and corporate data is a pivotal component of the overall security program. First Health’s data privacy program maximizes data visibility enabling healthcare organizations to report on the data’s who, what, where, when, and how for each data transaction.

  • Modern data visibility tool through the First Health partnership program
  • Provides the highest level of visibility into your organization’s data transactions
  • Efficient and effective solution resulting in fewer resource hour requirements

Strategic Programs

M&A Target Entity Assessment

Provides specialized knowledge and processes that are irregularly or infrequently needed and therefore not maintained in-house. The assessment identifies the target’s current security posture enabling the purchasing organization to identify security risks and plan remediations post-purchase.

  • Assess the risk of M&A target using enterprise risk assessment methodology and frameworks
  • Provides HIPAA, NIST, CMMC, and other framework alignment reports
  • Detailed guidance and risk stratification to assist the organization in making risk decisions during acquisition
  • Details the key administrative, physical, and technical control gaps
  • Provides prioritization and risk guidance for a detailed post-acquisition risk mitigation plan

Strategic Programs

3rd Party Risk Management

Helps healthcare organizations manage vendor security risks by providing a tool to be aware of and manage vendor security risk assessments for the companies that healthcare organizations buy products and services from.

  • Assess: Review current 3rd party (vendor/supply chain) risk process, develop recommendations, and craft a plan for program capability and maturity
    • Identify and prioritize critical vendors based on enterprise impact
    • Assess risk to enterprise related to 3rd party interaction or relationship
    • Risk education to key stakeholders
    • Continuous monitoring capability
    • Explore efficiency in assessment and automation
    • Program support requirements: Determine ongoing technology, personnel, and policy requirements
    • Scalable managed services enablement based on key findings and requirements

Strategic Programs

Ransomware Prevention & Recovery Assessment

Addresses a prevalent and highly publicized type of security incident. Identifies the most critical gaps and risks and provides mitigation recommendations.

  • Assess the environment against key risk factors for ransomware prevention, detection, and recovery
  • Ensure the organization has fully immutable backup solutions working and tested
  • Align organization and risk plan to focus on the biggest threat vectors and ability to recover quickly
  • Ensure the organization has incident response plans and ransomware playbooks implemented
  • Complete analysis and recommendations for remediation

Strategic Programs

Disaster Recovery Assessment

Addresses a universal need to understand security posture and readiness to recover from a disaster.  Service includes an assessment of and a roadmap of recommendations for staff, systems, and structure to accomplish desired recovery objectives.

  • Provides analysis of current infrastructure recovery posture
  • Analysis of current recovery objectives and necessary capabilities to meet those objectives
  • Complete recommendations on investments and infrastructure changes to meet the organization's objectives and requirements
  • Development of disaster recovery plans and playbooks
  • Experience aligning disaster recovery capabilities with major EMR vendor requirements
  • Assistance in planning and coordinating testing activities

Platform & Engineering Services

Cloud Modernization & Migration Strategy & Security

Addresses a broad market need in assessing or maturing your cloud modernization strategy and how to manage cloud security in Microsoft Azure and AWS environments. Identifies current risks and provides a roadmap to a standard model and framework.

  • Review regulatory requirements from a technical perspective and a healthcare standard perspective (NIST, CSA)
  • Understand best practices for CSPs as they support your digital health environment
  • Assess your cloud security program and current state deployments across the enterprise
  • Refine roles and responsibilities for cloud security to build a program roadmap
  • Assess 3rd party vendor cloud platform security risk

Platform & Engineering Services

MS 365 Platform & Security Assessment & Services

Addresses a need for specialized security & leading practices knowledge for MS365. Identifies gaps in security, configuration, practices, operations, and provides remediation and roadmap services against CIS benchmarks for better business risk decisions related to the platform.

  • Review best practices configuration and design security plan
  • Audit existing tenants against CIS and other best practices
  • Provides recommendations for alignment with other frameworks
  • Guidance to leadership on the impact of decisions and residual risk factors
  • Consulting and engineering assistance to execute the plan

Platform & Engineering Services

AWS Platform & Security Assessment & Services

Addresses a need for specialized security & leading practices knowledge for AWS. Identifies gaps in security, configuration, practices, operations, and provides remediation and roadmap services against CIS benchmarks for better business risk decisions related to the platform.

  • Assessment against best practices and CIS controls
  • Recommendations for remediation of risks and control alignment
  • Design of implementation and cloud security plan
  • Consulting and engineering assistance to execute security plan

Platform & Engineering Services

Advanced Threat Protection Platforms & Services

Full range of services for CrowdStrike – Standard, Premium, Complete
Only staff augmentation for other applications

  • The collaborative implementation model ensures successful results aligned with the CrowdStrike operating model
  • Leading healthcare industry knowledge and experienced engineering and program management staff assigned to each engagement
  • Deploy and configure using industry-leading standards and practices

Platform & Engineering Services

Identity Threat, Privilege, & Access Management

Identity Threat, Privilege and Access Management is defined in practical terms as the right resource using the correct authorization to access digital resources, tracked and reportable for the purposes of auditing. PAM, IAM, and Identity Threat Protection must align as a vital, baseline security and privacy measure to protect your organization's most vital assets. Organizations must perform well in this critical area because of the amount of user interaction IAM touches every day, from onboarding to offboarding. While IAM and PAM can be complex and complicated, they do not have to be this difficult.

  • First Health provides experienced IAM, PAM and Identity Threat assessment for healthcare entities
  • Tenured engineering resources with healthcare experience providing organizations visibility into the areas needing improvement
  • IAM and PAM technology alignment with Governance, business goals, and risk tolerance

 

Platform & Engineering Services

Vulnerability Management Program

First Health’s unique vulnerability management program is a comprehensive security vulnerability, patching, penetration testing, and risk reduction program for connected and digital assets. Our approach includes identification and remediation, or mitigation planning, to address and reduce security risk for all your network-connected assets, such as Microsoft products, 3rd party applications, and OT and medical devices, along with internal and external penetration testing, reporting, and related security validation services, resulting in one of the most comprehensive security exploit protection and prevention programs for your healthcare organization.

  • A full range of services identifying vulnerabilities, deploying patches to address vulnerabilities, and follow-on penetration tests to validate security flaws are remediated against attacks
  • Includes all relevant programs and professional services to ensure quality outcomes for each customer

Platform & Engineering Services

Cloud Managed NOC, SIEM, and SOC Program

The most mature security programs in the healthcare industry are adopting SIEM and SOC solutions. First Health’s approach to these services, platforms and solutions takes several variables into consideration, and we tell your organization what it needs to hear about these solutions rather than what it might wish to hear, a transparent and honest approach that may well be unique to the sales cycle in this industry. Each organization is unique in its journey to improve its security posture, and that journey takes due diligence, prioritization, and structure to ensure that a structured, budget-conscious approach leads to a successful implementation of a holistic security program, with the right solutions in order of priority to establish defensive walls while confidently connecting the various puzzle pieces.

  • 24×7 operations center providing availability, confidentiality, and integrity for your organization
  • Cloud-based from step one resulting in the least burden on your already overutilized team members
  • Data science approaches deliver the shortest time to value for your security use cases

Platform & Engineering Services

Zero Trust Network Architecture

Healthcare entities require reliable and secure network architecture and connectivity, causing many healthcare organizations to forgo security in favor of providing reliable connectivity. First Health understands the security and connectivity requirements for the healthcare market. Our unique building block approach to Zero Trust Network Architecture enables the organization to achieve security, trust, and segmentation objectives in a manner hospitals approve.

  • First Health delivers industry leading network segmentation solutions to healthcare entities
  • Healthcare experienced Zero Trust network and security resources providing industry leading solutions and services
  • Enabling organizations to achieve Zero Trust Network Architecture goals & objectives while leveraging existing investments in critical technologies resulting in an efficient and effective roadmap