Cybersecurity Services 2018
Achieving Outcomes through Healthcare Knowledge and Tailored Services

Author
Dan Czech

June 19, 2018 | Read Time: 3 minutes

Securing protected health information (PHI) is crucial for healthcare organizations. Cybersecurity professionals look to a variety of security software solutions and services to ensure that sensitive information and devices are safeguarded. KLAS currently measures and plans to measure cybersecurity solutions and services across many segments that have the broadest impact on healthcare organizations. Below is a summary of how cybersecurity services fit into KLAS’ cybersecurity measurement framework.

CynergisTek Leads in Breadth and Depth of Services; Fortified Health and Optiv Also Broadly Used

CynergisTek has the greatest breadth of security services and most validated engagements for advisory and technical services. Other validated work by CynergisTek includes interim CISO services, PCI testing, and web application security testing, a service that only CynergisTek was validated for. CynergisTek clients are highly satisfied and praise their firm’s knowledge of healthcare security trends and engaged executive team. Fortified Health Security also has been validated for their diverse offerings and has the highest number of validations for managed security services among firms in this report, including management of network security, DLP, threat management, and vulnerability management. Fortified Health clients’ satisfaction varies; some highlight their firm’s healthcare and security expertise, while others want Fortified Health to be more responsive and follow through on their commitments. Optiv has been validated equally for their advisory and technical services, while some clients report having the firm manage their SIEM and IAM solutions. Optiv consistently satisfies their clients thanks to their strong strategic guidance and collaborative resources.

cybersecurity services firms at a glance

Fixed Security Gaps and Better Insights Are Top Outcomes Achieved

Ultimately, healthcare organizations want cybersecurity firms to help them achieve positive outcomes. The chart below includes the most frequent outcomes respondents were able to achieve as a result of their cybersecurity engagements, along with those firms that were highlighted for their ability to drive specific outcomes.

outcomes achieved from security engagement

Healthcare Knowledge from Clearwater, tw-Security Drives High Satisfaction; Leidos’ Security Expertise Underwhelms

Advisory-focused firms Clearwater Compliance and tw-Security have some of the most consistently satisfied clients, many of whom praise their firm’s cybersecurity and healthcare industry knowledge. Clearwater collaborates with clients to create policies centered on OCR audit preparation and HIPAA compliance, and tw-Security’s frequent educational sessions clearly explain a variety of technical security topics to clinicians. Leidos Health clients rate their firm lowest for overall satisfaction and healthcare knowledge based on a limited number of responses; however, most clients feel Leidos lacks security, not necessarily healthcare, expertise. Clients specifically mentioned Leidos’ underwhelming guidance on security procedures and insufficient data to support conclusions during a HIPAA compliance assessment.

healthcare knowledge vs tailoring services

BluePrint, Meditology Strategically Adapt Their Approach; Deloitte and Secureworks Remain Static

BluePrint Healthcare IT and Meditology Services clients laud their firm’s strategic guidance and tailored services. BluePrint partners early on with clients to understand how to best approach each engagement, and Meditology clients can stay within budgetary constraints by choosing from their firm’s services à la carte. Deloitte and Secureworks clients say their firm struggles to tailor services (based on a limited number of responses). Deloitte clients want their firm’s executives to be more involved and responsive to customer concerns throughout their engagement. Secureworks clients describe their firm’s security tool as cookie cutter and would like more healthcare-specific threat intelligence.

Download Report Brief Download Full Report

This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2024 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.