Keeping Information Safe

Our risk assessments are readable, comprehendible and actionable; and we provide the latest solutions for secure wireless migration, disaster recovery planning, and vulnerability protection.

Facebook Icon Linkedin Icon PHA eNews sign-up Share Icon


Working with Purdue Healthcare Advisors helped to validate what Rush Memorial Hospital has done for years as a leader in rural healthcare informatics...mitigate network security risk.

Jim Boyer, CIO/VP Technology, Rush Memorial Hospital

We annually review our policies and practices as they relate to compliance with the HIPAA Security Rule to maintain a robust and solid security foundation. Using a third party to perform a risk assessment is an optimal business practice, because an independent security consultant has a fresh set of eyes to better evaluate the risks and vulnerabilities to the confidentiality, integrity or availability of electronic protected health information.

Bob Havens, Technical Specialist, Hancock Regional Hospital


cyberTAP Flyer (pdf)



Employment

 

cyberTAP logo

To guide practices and hospitals in health IT security best practices, PHA turns to cyberTAP, a Purdue University technical assistance program formed in 2019 to meet the growing demand for cybersecurity services and education. cyberTAP offers extensive expertise in health IT security because many of its staff are former PHA security consultants well versed in the security needs of hospital systems, clinics, and small practices. 

Since Purdue began offering security services in 2012, our affordable rates, impeccable reputation, and attention to detail have set us apart from for-profit vendors. Last year alone, Purdue experts were onsite at more than 600 healthcare facilities, providing assessments, testing, audits, project management, training, and consulting. In addition to the services we have traditionally offered the healthcare industry, cyberTAP introduces Cyber Range Training and other workforce-development options that may be of interest to your healthcare organization's security professionals. The state-of-the-art cyber range provides an immersive, simulated environment for industry partners to develop the next generation of cyber warriors. We can also advise on a variety of IT solutions including encryption strategies; secure wireless migration; disaster recovery planning, and vulnerability analysis implementation, then equip your team with the tools to facilitate in-house solutions.

To inquire about scheduling cyberTAP to perform your annual Health IT Security Risk Assessment or other healthcare-related IT services, please scroll down and fill out the online form. To inquire about other cyberTAP services, please contact a member of the cyberTAP team.


SRA Stove Knob InfographicAssessments

Security Risk Assessments (SRA) — We work onsite, interviewing key staff, conducting physical facility walk-throughs, and performing the reviews, scans, and assessments necessary to create a realistic security and privacy remediation plan. Our assessment includes review of documentation, administrative controls, network architecture and configuration; a vulnerability analysis; and audit testing. SRAs are required for participation in some value-based programs.

External Vulnerability Assessments (EVA) To identify vulnerabilities within your Internetfacing infrastructure and attached network systems, we can manage for risk environment or provide one-time testing. Our remote EVAs include an external scan of IP addresses; a meta-data analysis of your domain; and a DNS / Whois record review. 

Technology Assessments This onsite assessment of your organization’s hardware, software and network; network speed and  laptops/ desktops comes with post-assessment recommendations on upgrades aimed at saving you time and money.


Testing/Audits

Phishing Simulation & Security Awareness Education — The five most common attack types that social engineers use to target their victims are phishing, pretexting, baiting, quid pro quo and tailgating. More than 40% of all information breaches result from this malicious online activity, with 98% of these incidents carried out by phishing. When suspicious emails make it through a hospital's technical defenses, employees are the last line of defense, therefore, it is vitally important that clinicians, administrators and others with computer access learn to properly identify and report suspicious emails as potential threats. Using a proactive approach, cyberTAP helps clients see which employees are susceptible to being victimized by a phishing attack in a safe and controlled exercise. In the simulation platform, students will gain awareness of warning signs and common tricks used by attackers to get you to provide sensitive information, encourage you to click links, or urge you to download attachments. Point-in-time training occurs in the event that an employee interacts with a phishing message. Monthly security awareness reminders, flyers, and training are provided for all active phishing simulation clients.

Penetration Testing — How vulnerable is your IT infrastructure to exploitation by external adversaries? A penetration test actively tests your security defenses and network configurations to find holes before the bad guys do.

Password Audits — Passw0rd! will meet most basic password requirements, but can be cracked in seconds. Passwords are our first line of defense in protecting data and IT assets, and password audits provide evidence that employees are adhering to password-creation best practices.


cyberTAP Health IT Services Inquiry Form

Please fill this out if you would like to find out more about our SRAs and other services.

Number of sites, and anything else you think is relevant.

We'd love to make sure we get you on our calendar as it's filling up fast.

Choose as many as you wish, and we'll be sure to provide you with more information when we contact you.

We're always looking for new challenges.

Choose as many as you wish.

Choose as many as you wish.

Purdue University, West Lafayette, IN 47907 (765) 496-1911

© 2019 Purdue University | An equal access/equal opportunity university | Copyright Complaints

If you have trouble accessing this page because of a disability, please contact Purdue Technical Assistance Program taphelp@purdue.edu.