Contact Sales

Enterprise Security: Christiana Care Health System (CCHS)

FalconRock-logo christianacare

Christiana Care Health System (CCHS), a healthcare provider serving 50,000 users across multiple states, embarked on an initiative to bolster its cloud security posture, particularly within the AWS Cloud environment. This initiative aimed to address the growing need for robust security measures to protect sensitive patient data and ensure the reliable operation of critical healthcare technologies.

Challenges

  • Hybrid Workforce Security: Protecting a geographically dispersed workforce across various locations.
  • Scalability: CCHS needed security solutions that could scale to accommodate its large user base.
  • Secure Infrastructure: Building a secure foundation for both public and private cloud environments was crucial to protect critical systems and data.
  • Security Maturity: Assessing and improving the overall security maturity was necessary to identify vulnerabilities and strengthen defenses.
  • Security Awareness: Raising awareness to foster a security-conscious culture.
  • Incident Response: Establishing and refining incident response plans
  • Third-Party Risks: Managing third-party risks through robust supplier management practices.
  • Cloud Transition: Ensuring a secure transition from on-premise systems to cloud-based solutions

Solution

  • Leadership: StonyPoint was appointed to spearhead the initiative, reporting directly to the CISO.
  • Network Security: Palo Alto’s Prisma Access solution was deployed to secure the hybrid workforce and provide consistent protection across locations.
  • AWS Security: A new AWS Security Portfolio was proposed, encompassing various security domains, and several AWS security solutions were implemented to enhance cloud security.
  • Scalability: Scalable solutions were implemented for both public and private cloud environments to accommodate future growth and technology needs.
  • Security Assessments: Assessments using NIST and ISO frameworks to evaluate and identify areas for improvement.
  • Incident Response: Incident response plans and processes were established through tabletop exercises to ensure preparedness for security events.
  • Supplier Management: Supplier management fundamentals were implemented to assess and mitigate third-party risks.
  • Corporate IT Policies: Corporate IT policies were updated in alignment with the NIST Cybersecurity Framework.
  • Cloud Transition: Security and governance leadership was provided to ensure a secure transition from on-premise to cloud-based solutions.
  • Secure Development: Various build tools and security testing tools were employed to promote secure development and deployment practices.

Tangible Results

  • Enhanced Cloud Security: The organization’s cloud security posture was significantly strengthened.
  • Secured Hybrid Workforce: Prisma Access implementation effectively secured the hybrid workforce across multiple locations.
  • Improved Security Maturity: Security assessments and strategic planning led to improvement in security maturity.
  • Effective Incident Response: Implementation of incident response readiness plans.
  • Managed Third-Party Risks: Supplier management practices helped mitigate third-party risks.
  • Secure Cloud Transition: The transition from on-premise to cloud-based solutions was achieved securely.
  • Secure Development Practices: The use of build tools and security testing tools promoted secure development and deployment.