Overview
When the client found themselves facing a very real threat of cyber-attack, they knew they’d need the right supports and advice to quickly shore up their security systems and processes against the imminent threat. Overcoming a unique set of challenges associated with working within a hospital environment and against a backdrop of the COVID19 pandemic, 460degrees delivered the resources and expertise to not only deal with immediate issues but find the chinks in healthcare provider’s cybersecurity armour and make recommendations to increase their resistance to potential threats.
ABOUT
A major Victorian healthcare provider with approximately 6,000 staff works across multiple sites to provide a diverse range of public health and community services to a large health catchment. In addition to providing quality, accessible healthcare services, the healthcare provider also boasts a proud history of making meaningful contributions to medical research.
Background
In commencing a major cybersecurity capability uplift, the client needed to establish the following:
Challenges
Budgetary pressures, increased demands on personnel as a result of the pandemic and the fact that threat actors were specifically targeting and breaching other Victorian healthcare providers meant even a rapid recruitment of staff couldn’t address the issues at hand. The client needed an immediate boost of expertise to fulfil their operational needs and establish stronger and more sustainable frameworks to support their delivery of healthcare services to the community.
All this in the context of being a hospital operating 24/7 within a safety-critical environment, presenting unique challenges. An understandably low tolerance for error or outages would compound the difficulties of meeting the extremely high standards required by the organisation’s systems and services.
Additionally, consistently balancing the needs of clients, employees, contractors and patients makes any change complex to implement.
Solution
460degrees embedded a team of Experts within healthcare provider’s front line IT personnel. A full stack cybersecurity assessment provided detailed gap analyses and lists of recommendations for strengthening all IT security systems, human capability and risk management processes. Looking beyond internal concerns, 460degrees also researched the current threat landscape, outlining any likely scenarios the client could face based on the current threat actors targeting other local healthcare providers.
Using the latest cybersecurity trends and threat landscape, the 460degrees team also prepared a security governance framework tailored to the healthcare provider’s needs. This framework detailed all requisite governance processes, roles, policies and a risk management plan, along with the board level cybersecurity risks.
In backfilling positions within the SOC group, our team temporarily resourced the function while a permanent team could be recruited and mobilised. Our 460degrees Experts also established automations to roll out security mitigations quickly and comprehensively across the organisation.
Recognising the risks associated with a COVID- related shift to remote working, 460degrees was able to leverage Human Centric Cybersecurity (HCCS) practices, performing advanced phishing simulations to assess staff vulnerabilities and provide the materials needed to protect the organisation against social engineering attacks.
Result
By partnering with 460degrees, the client was able to maximise the effectiveness of their limited cybersecurity resources, strengthening their cybersecurity posture and reducing risks and vulnerabilities. By taking a collaborative interdisciplinary approach, 460degrees provided precise and immediate advice while simultaneously future-proofing the client’s SOC capability.
The full stack cybersecurity assessment resulted in 38 recommendations which were prioritised to support the client’s strategic direction. A governance framework was also established, customised specifically to their needs. With a mind to maximising ROI, our team of Experts delivered above and beyond the minimum requirements.
For example, a rapid roll out of automation to the healthcare provider’s core IT systems ensured the deployment of mitigations was fast, robust and easy to execute. Using information warfare best practices, the 460degrees team conducted three phishing campaigns, exposing a high incidence of human error that would have led to cyber breaches. The client found these exercises particularly helpful. One cybersecurity architect reported that the results from the phishing simulation had “really got the hospital talking.”
A better model for a better future.
Large financial institution masters the delivery of customer value by dipping into 460degree’s talent pool.
