How BlueOrange Compliance Improved IT Security at RiverSpring Health

Center Post

Criminal attacks on health care data are up 125% compared to 5 years ago, according to a May 2015 Ponemon Institute study. The average cost of a data breach for health care organizations is estimated to be more than $2.1 million.

A new CAST case study explores how CAST Supporter BlueOrange Compliance helped CAST Patron RiverSpring Health determine the likelihood of cyberattacks on its health information technology (IT) system, while recommending strategies to improve the system’s overall security. 

RiverSpring Health is an internationally recognized nonprofit geriatric care organization offering a full continuum of senior care to more than 10,000 older adults in the New York metropolitan area. BlueOrange Compliance has over 50 years of experience in technology security, compliance, and health care. 

Penetration Testing

RiverSpring Health determined that hiring a compliance partner to perform “penetration testing” was a practical and easy way to validate the organization’s compliance with the Health Insurance Portability and Accountability Act (HIPAA).

BlueOrange’s penetration testing process involved:

  • Performing an external and internal vulnerability scan.
  • Probing various devices for vulnerabilities and exploitation potential. 
  • Simulating the practices and methods of external or internal agents attempting unauthorized access to data stored in RiverSpring’s IT system. 

When the testing was complete, BlueOrange provided RiverSpring Health with a prioritized, detailed, and actionable remediation plan.

Penetration testing represents a proactive and preventative approach to security, according to the case study. Because penetration testing is ongoing, it provides opportunities to continually identify potential vulnerabilities, modify relevant policies, provide training, monitor staff compliance, and ensure security. 

For More Information 

See the full case study for challenges, lessons learned, and advice to others.