Enable Your Business with Next Generation Security

Understanding the risks that are unique to your environment and how best to align your security strategy with IT and overall strategic imperatives is crucial to a resilient enterprise posture. First Health has the expertise to assess, plan, deploy, and manage security that accounts for your business model while protecting your assets and the customers you serve.

Program Assessment, Development, Staffing, & Education

Enterprise Security Assessment

Provides a security assessment and a method of keeping the assessment continuously current, improving security agility and making resource planning easier by smoothing the work across the year.

  • Comprehensive evaluation of risks and vulnerabilities to the confidentiality, integrity, and availability of your health entities' PII, PHI, and ePHI
  • Identify gaps and safeguards that address compliance and provide next-generation risk reduction capability
  • Align with enterprise imperatives, addressing policies that flow up to strategy and down to support controls
  • Develop a maturity roadmap to manage success and objectively evaluate risk
  • Review technology effectiveness, personnel capability, physical and administrative controls

405(d) Assessment

Assess healthcare organizations' ability to accelerate a prescriptive and targeted approach to the five biggest risks in healthcare, the 10 leading practices, and the 23 control surfaces that maximize your investments in security capability and maturity. First Health advisors are experts on HICP 405(d) practices and benefits.

  • The BIG 5: Accelerate cyber threat action and capability targeting:
    • Ransomware
    • Loss or Theft of Equipment or Data
    • Insider, Accidental, or Intentional Data Loss
    • Attacks Against Medical Devices
    • Social Engineering
  • Start Now to Reduce Risk: The 10 Leading Practices
    • Email and Endpoint Protection Systems
    • Access Management and IT Asset Management
    • Data Protection and Loss Prevention
    • Network and Vulnerability Management
    • Incident Response
    • Medical Device Security
    • Cyber Policies
  • Map findings and requirements to the controls that result in the biggest risk impacts

3rd Party Risk (Supply Chain) Assessment

Helps healthcare organizations manage vendor security risks by providing a tool to stay aware of and manage security risk assessments for the companies they buy products and services from.

  • Assess: review the current 3rd party (vendor/supply chain) risk process, develop recommendations, and craft a plan for program capability and maturity
    • Identify and prioritize critical vendors based on enterprise impact
    • Assess risk to the enterprise related to 3rd party interaction or relationship
    • Risk education to key stakeholders
    • Continuous monitoring capability
    • Explore efficiency in assessment and automation
  • Program support requirements: Determine ongoing technology, personnel, and policy requirements
  • Scalable managed services enablement based on key findings and requirements

Cloud Security Assessment

Address a broad market need in understanding how to manage cloud security in Microsoft Azure and AWS environments. Identifies current risks and provides a roadmap to a standard model and framework.

  • Review regulatory requirements from a technical perspective and a healthcare standard perspective (NIST, CSA)
  • Understand best practice for CSPs as they support your digital health environment
  • Assess your cloud security program and current state deployments across the enterprise
  • Refine roles and responsibilities for cloud security to build a program roadmap
  • Assess 3rd party vendors utilizing cloud-based platforms

MS 365 Platform & Security Assessment & Services

Addresses a need for specialized security and leading-practices knowledge for MS365. Identifies gaps in security, configuration, practices, and operations, and provides remediation and roadmap services against CIS benchmarks for better business risk decisions related to the platform.

AWS Platform & Security Assessment & Services

Addresses a need for specialized security and leading-practices knowledge for AWS. Identifies gaps in security, configuration, practices, and operations, and provides remediation and roadmap services against CIS benchmarks for better business risk decisions related to the platform.

Ransomware Prevention & Recovery Assessment

Addresses a prevalent and highly publicized type of security incident. Identifies the most critical gaps/risks and provides mitigation recommendations.

Disaster Recovery Assessment

Addresses a universal need to understand security posture and readiness to recover from a disaster. Service includes an assessment of, and a roadmap of recommendations for, staff, systems, and structure to accomplish desired recovery objectives.

M&A Target Entity Assessment

Provides specialized knowledge and processes that are irregularly or infrequently needed and therefore not maintained in-house. The assessment identifies the target’s current security posture, enabling the purchasing organization to contract and price appropriately pre-purchase, and to plan remediations post-purchase.

Cyber Insurance Renewal & Readiness Assessment

Cyber insurance policies are quickly becoming more difficult to obtain, rates are higher, and premiums are inadequate for the risks assumed. First Health knows what carriers are asking for and what you need to do to prepare for policy renewal. Our policy experts work with your team to position your organization for the best outcomes and coverage based on your requirements.

Fractional vCISO Services

Provides CISO-quality support and expertise for organizations unable to budget for or recruit a full-time CISO.

CISO Strategy & Support

Provides support for a busy CISO, or for a CISO who needs specialized knowledge not available in house.

Platforms Selection, Implementation, Integration, & Staffing

Advanced Threat Protection Platforms & Services

Full range of services for CrowdStrike – Standard, Premium, Complete
Only staff augmentation for other applications

Threat Prevention & Recovery Solutions

Full range of services for Virsec – x86/x64 Windows Server Threat Prevention

Vulnerability Management Platforms & Services

Full range of services for Tenable.io & Tenable.sc
Only staff augmentation for other applications

Strategic Services

Managed SIEM (Security Incident & Event Management)

Cloud Managed SIEM – Program Management & Engineering Implementation Services

Managed SOC (Security Operations Center)

Cloud Managed Security Operations Center (SOC) focused on security incident monitoring & alerting services

Managed NOC (Network Operations Center)

Network Operations Center (Business Hours and 24×7) focused on operational monitoring and alerting for enterprise IT infrastructure services and solutions.

Managed IT Services

Full, Functional, and Staff Augmentation Managed IT Services in support of customers’ products and services

URGENT Incident Management & Response

Emergency Incident Response Services focused on providing incident management, response, and remediation of security incidents.

Incident Recovery Services

Rounding out the full complement of security services and solutions will be a recovery service we can provide to customers managing their recovery efforts.

Penetration Testing

Provides External and Internal Penetration Testing services and reports to go along with our Security Risk Assessment services.