A healthcare insurance company closes security gaps and builds an in-house Security Operations Center using a cybersecurity solution. 

SITUATION

In the healthcare industry, data breaches can erode patient trust and damage a company’s reputation. This was the challenge facing our client when they acquired a specialty pharmacy. Before the acquisition closed, cyber criminals exploited vulnerabilities and accessed systems containing personally identifiable information (PII). Our client engaged us to strengthen their cybersecurity program after the breach. Our key objectives were to:

  • Assess their environment post-breach

  • Build their initial cybersecurity team

  • Consolidate security tools into the parent company

  • Remediate vulnerabilities

  • Develop and implement new security controls

  • Provide ongoing managed security services

“With their help we went from a tiny security team to what it is today, and the quality of the Apex people has been top notch. Their Solution Leaders have great technical perspective and can marry strategy with delivery.”
– Security Director, Client

SOLUTION

Apex developed the acquired entity’s first fully managed security function. We assembled and onboarded a team of consultants and deployed them to the necessary functions within the business. Once the team was onboarded, Apex developed a future-state strategy for integration into the purchasing company’s security environment, and the consultants began working on tasks to achieve Risk Parity. These consultants:

  • Developed and implemented cloud security best practices within AWS and Azure.

  • Managed operations of the threat and vulnerability management (TVM) program and toolset (i.e., Rapid7).

  • Onboarded critical systems and services to the purchasing company’s secured environment and created data flow mappings identifying PII and Protected Health Information.

  • Provided ongoing Level 1 & 2 security support for identity and access, logging and monitoring, incident response, and TVM processes.

  • Developed process documentation to assist in knowledge transfers and future scaling.

  • Developed a change management and peer review process for cloud security and IT operations changes, resulting in a 97% successful implementation rate without needing to revert to a backout or recovery process.

RESULT

The engagement allowed our client to reduce their security risk profile and adhere to the purchasing company’s security requirements, so that they could fully integrate into its environment before the required deadline. This was achieved by remediating current High and Critical vulnerabilities, integrating and standardizing security and IT operations tools, and implementing new security program best practices. In total, we remediated over 1,400 Critical and High security vulnerabilities in the Azure and AWS environments two months ahead of schedule to enable integration before the deadline. They also transitioned the security operations center (SOC) from a previous managed SOC provider to in-house, which reduced incident response times by 50% on average for all CrowdStrike and Rapid7 High & Medium security alerts.