Prime Healthcare Services on Adopting a Threat-Informed Defense with AttackIQ Vanguard
More predictive and preventative cybersecurity program.
Better-informed assessments of prospective security investments.
Enabled a threat-informed approach to defense.
Prime Healthcare Services is an American privately held healthcare company that operates 45 hospitals and 300 clinics across 14 states. Hospitals and healthcare organizations are under siege in cyberspace following an increase in ransomware attacks and the broader pressures of the coronavirus pandemic.
After decades of work in cybersecurity, Uma Mahesh Reddy, CISO, at Prime Healthcare Services, understands the importance of a threat-informed defense and how organizations can use real-time performance data to optimize their security programs and make the most of their security investment.
Prime Healthcare Services has over 50 cybersecurity controls, “having cybersecurity controls (technology, people, process, and procedures) in place will not alone protect your organization from breaches and attacks. Proactively measuring the effectiveness of your controls on a regular basis and fine-tuning them to keep up with the ever-changing threat landscape is imperative, explains Reddy”
“AttackIQ has been very helpful, it has given us a different perspective on what we have in place. Not only from the technology point of view, but people and the process too. We validate with the tool, and we don’t announce any of these simulations we do. When we run these simulations, we come across things that we never thought about or could have imagined that there will be a problem with, it could be the technology process. So, it has been really helpful in validating all those three.”
The Security Optimization Process with AttackIQ
To meet its security challenges, Prime Healthcare Services adopted an intelligence-led, threat-informed strategy. The security team deployed the AttackIQ Security Optimization Platform and started to operationalize the MITRE ATT&CK® framework, a knowledge base of adversary tactics and techniques derived from real-world observations.
In addition, the security team was looking for a third-party opinion to validate their cybersecurity readiness. “I wanted a third party, unbiased opinion, invalidating controls. We don’t want a fox to guard the hen house. We want somebody else who has nothing to do with what we are doing, and no strings attached to us, who can speak freely and give their opinion and expertise,” explains Reddy.
That’s why the company has also adopted AttackIQ Vanguard, a co-managed security validation service, which ensures that Prime Healthcare Services is getting the most value possible out of the AttackIQ Security Optimization Platform. With Vanguard, AttackIQ’s experience team of cybersecurity practitioners investigate and advise on potential cyberattacks in Prime Healthcare Services’ environment using the platform to help achieve cybersecurity readiness. “The AttackIQ team is kept abreast of all the newer attack techniques, all the newer TTPs out there. You are in the loop and work with the MITRE framework very closely, so we draw that experience from you.”
“We have a call with the Vanguard team, they take us through reports and go over the findings. Then the team comes back and tells us which are the most important to start with and prioritize. That support is what’s needed from an external party, and in this case Vanguard,” says Reddy.
“I wanted a third party, unbiased opinion, invalidating controls. We don’t want a fox to guard the hen house. We want somebody else who has nothing to do with what we are doing, and no strings attached to us, who can speak freely and give their opinion and expertise.”
AttackIQ Vanguard has been instrumental in supporting Uma’s team with their cybersecurity readiness. Vanguard helps Prime Healthcare identify configuration errors, find security gaps, and enhance the team’s performance through continuous security control validation.
Prime Healthcare Services is now continuously testing its security controls to help achieve cybersecurity readiness. “We test our controls, people, processes, and procedures on a regular basis, we don’t miss it. Whenever we find the gaps, we go back and validate, not only validate them, but I request our team to go ahead and update our SOPs. It’s been invaluable for us, these simulations that we do on the network,” says Reddy.
Ready for your cybersecurity program to be tested-against real-world threats, optimized for effectiveness, and prepared for future attacks?