Vulnerability management, penetration assessments, security control implementations, & incident response planning. 

365 Striker Advisory enables the development and implementation of cybersecurity services based on your business, IT & information security needs.

​

Securing Protected Health Information

The Health Insurance Portability and Accountability Act (HIPAA) includes provisions to maintain the privacy of protected health information (PHI). The HIPAA rules apply to covered entities, which include medical providers, employer health plans and insurance companies that deal with patient data.

Health Information Technology for Economic and Clinical Health Act (HITECH) expanded the HIPAA rules related to the use and disclosure of PHI, appropriate safeguards to protect PHI.
 

HIPAA requirements mean you have to deal with several challenges:
 

• Targeted threats: Attacks specifically designed to compromise healthcare networks and steal protected health information (PHI)

• Non-stop Operations: IT teams need to constantly keep networks updated, patched and configured correctly

• Resources gap: Skilled security resources required to perform security testing,  risk assessments, and enforce security rules are difficult to find and retain

The approach to HIPAA and HIPAA-HITECH compliance helps you to:
 

• Implement administrative and technical safeguards you need to be HIPAA and HIPAA-HITECH compliant

• Detect and prevent network intrusions, identify vulnerabilities and misconfigurations that might expose personal health information due to insufficient data protection.

​

Healthcare experts shouldn't have to be security experts. Over the past decade we've has helped more than one million organizations secure data and comply with various mandates. When you partner with Striker Advisory, you have confidence that a solution to your compliance problems is never more than a phone call away.

​

Who Must Be HIPAA Compliant?

The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse or health care provider who electronically transmit any health information. Examples of covered entities are:
 

• Doctors

• Dentists

• Pharmacies

• Health insurance companies

• Company health plans
   

A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Examples of business associates (whose services involve access to PHI) are:
 

• CPA

• Attorney

• IT providers

• Billing and coding services

• Laboratories
   

For more detailed information on the definition of a covered entity and businesses associate visit The Department of Health and Human Services (HHS) website.

 

HIPAA Privacy Rule

The HIPAA Privacy Rule provides federal protections for personal health information and gives patients rights to their own protected health information (PHI). The Privacy Rule permits the disclosure of PHI needed for patient care and other important purposes. The Privacy Rule applies to all healthcare providers, including those who do not use an Electronic Health Record (EHR) system, and includes all mediums: electronic, paper, and oral.

Privacy Rule Basics:
 

• Spells out administrative responsibilities

• Discusses written agreements between covered entities and business associates

• Discusses the need for privacy policies and procedures

• Describes employer responsibilities to train workforce members and implement requirements regarding their use and disclosure of PHI.
   

Privacy Rule Examples

• Train all employees on its privacy policies and procedures

• Properly dispose of documents containing protected health information

• Secure medical records with lock and key or pass code

• Create procedure for individuals to know to whom they can submit a complaint about a covered entity's compliance with the Privacy Rule

RISK ASSESSMENTS | VIRTUAL CISO

Risk Assessment:

Initial assessment to ensure your organization is meeting compliance regulations conducted either internally or with some external agencies.

Gap Assessment: 
To determine the current state of information security for your organization and the utilization of different IT governance frameworks depending on customer needs such as HIPAA, HITECH, ISO 27K, PCI DSS, NIST.  Also includes the development of customized remediation based on identified security risks with a risk based approach using technical risk, business risk and compliance risk.
 

VIRTUAL Chief Information Security Officer (vCISO)

Information security and compliance program development and maintenance for growing organizations looking to ensure compliance and appropriately addressing threats to their organization.  

(vCISO) Creation: 
The vCISO is responsible for the information security strategy for the entire organization and provides services that gives your IT resources the flexibility to focus on their day to day activities. 
 

ENTERPRISE CLOUD COMPUTING

Dedicated, shared or hybrid infrastructure, private/public cloud storage.
 

MANAGED SECURITY

Continuous audit, data encryption, patch management, event management, managed firewall and VPN services, intrusion detection and IPS, vulnerability assessment and remediation
 

COMPLIANCE SERVICES

• PCI

• SOX

• HIPAA

• Governance & IT Compliance

​

Know Your Vulnerabilities Before A Hacker

The most accurate way to know your organizational weaknesses is to examine your business environment the way a hacker would-- through manual security penetration testing, also called ethical hacking. Our certified penetration testers use up-to-date hacking methodologies and innovative technology to identify vulnerabilities, minimize risk, and help protect your organization against the most current hacking trends.

​

Top Reasons To Use Striker Advisory Penetration Testing Services
 

• Find The Root Cause Of Your Vulnerabilities

  Most penetration test providers only report discovered vulnerabilities. Our certified penetration testers use a thorough discovery process to uncover weaknesses and report discovered vulnerabilities and why your organization is vulnerable to them. Many organizations spend a lot of time and manpower finding the root cause of their vulnerabilities. We identify the root cause to save you time and ensure your data security efforts are focused in the right areas, which helps eliminate future problems and strengthen your preventive security measures.
   

• An Accurate Snapshot Of System Security

  Where self-assessments and internal audits provide general security rules for your organization, pen testing provides a specific, accurate, and actionable analysis of your organization's security health. Our certified penetration testers analyze your network environment and identify not only potential vulnerabilities, but also current exploitable threats that put your organization at risk.
   

• Thorough Testing Without The Downtime

  Our pen tests are system-friendly and won't bog-down or interfere with your usual network operations, freeing you up to focus on your normal day-to-day tasks at your business.
   

• Detailed Reporting With Expert Remediation Assistance

  After your initial analysis is complete, our penetration testers provide detailed threat reports and step-by-step explanations for how they gained system access through exploitable vulnerabilities. Our pen testing service includes consulting, which you can use for remediation assistance, security consulting, and/or to retest your system environment.

​

Quickly Contain Compromise

Striker Advisory Forensic Investigators have years of experience and expert tools that provide a fast recovery solution. Our investigators work with you in confidence to identify all exposure points and provide necessary education to achieve a full recovery.
 

Top Reasons To Use Striker Advisory Forensic Investigators For Breach Recovery
 

• Minimize Damage

  Striker Advisory provides an initial consultation on immediate steps you should take to stop the loss of payment card data, protected health information, or other sensitive data and minimize the damage to your business and customers.
   

• Higher Standard Of Service

  Compromise hurts. Striker Advisory makes it a priority to inform, educate and answer questions to ensure you know how to quickly recover from a breach. From start to finish, Striker Advisory provides a higher standard of customer service to ensure you can quickly return to business as usual.
   

• Advanced Proprietary Tools

  As technology changes and the criminal toolkit expands, Striker Advisory continually adjust and create new tools to analyze cyber landscapes and help you recover from compromise.
   

• In-Depth Analysis

  Striker Advisory analyzes and interprets the available forensics data to discover how, where, and when the breach occurred, as well as the vulnerabilities that allowed the breach to happen. The analysis determines what sensitive data was compromised or is at risk. Where applicable, it also reveals aspects of the environment out of compliance with PCI or HIPAA requirements.
   

• Detailed Investigation Reports

  Striker Advisory first files a preliminary report on the compromise. Once the investigation is finalized, a final report is submitted to appropriate parties. Striker Advisory then assists you in a summary-of-events conference call with the appropriate parties. The call details the compromise and demonstrates how the situation was resolved.

Request a Consultation

info@strikeradvisory.io