Falling under federal guidelines as a HIPAA Business Associate, Administrative Solutions, Inc. required a security partner with the experience to guide them through the complexities of the HIPAA regulatory framework. In addition to traditional HIPAA compliance, ASI desired to implement a holistic security program, addressing both disaster recovery planning and breach response preparedness.
As a benefits management firm, ASI had to account for various types of cybersecurity exposures. Considering the volume of e-PHI, partner integrations, and fluctuating customer requirements, Breadcrumb developed a multi-faceted approach. Simulating real-world scenarios, Breadcrumb engineers deployed custom malware and phishing campaigns, isolating key staff members and the e-PHI they controlled. In addition, Breadcrumb conducted an in-depth vulnerability and risk assessment fulfilling traditional HIPAA SRA requirements. To conclude the engagement, documented exposures were categorized within the CIS framework for future trending and benchmarking.
By experiencing real-time simulated data breaches, ASI staff members were not only more aware of their cybersecurity risks, but considerably more prepared. “This was a very informative process for our team,” said Barry Mass, CEO of ASl.” The breach simulation scenarios developed by Breadcrumb were eye-opening.” To conclude the engagement, Breadcrumb executives performed onsite security training for all ASI team members, reviewing engagement outcomes and best practices.