Keeping Information Safe
Our risk assessments are readable, comprehendible and actionable; and we provide the latest solutions for secure wireless migration, disaster recovery planning, and vulnerability protection.
Working with Purdue Healthcare Advisors helped to validate what Rush Memorial Hospital has done for years as a leader in rural healthcare informatics...mitigate network security risk.
— Jim Boyer, CIO/VP Technology, Rush Memorial Hospital
We annually review our policies and practices as they relate to compliance with the HIPAA Security Rule to maintain a robust and solid security foundation. Using a third party to perform a risk assessment is an optimal business practice, because an independent security consultant has a fresh set of eyes to better evaluate the risks and vulnerabilities to the confidentiality, integrity or availability of electronic protected health information.
— Bob Havens, Technical Specialist, Hancock Regional Hospital
cyberTAP Flyer (pdf)
Drug abuse fighters get training
Federal award provides funds for Purdue to help Fayette County improve local opioid abuse prevention and treatment
Bailey: A Recap of National Cybersecurity Awareness Month
Purdue, FSSA partner to bring new care models, process improvements, and technology systems to four Indiana communities to improve opioids addiction treatment and hospital transitions from long-term care
Medical Devices: New Challenges in Medical Information Security
To guide practices and hospitals in health IT security best practices, PHA turns to cyberTAP, a Purdue University technical assistance program formed in 2019 to meet the growing demand for cybersecurity services and education. cyberTAP offers extensive expertise in health IT security because many of its staff are former PHA security consultants well versed in the security needs of hospital systems, clinics, and small practices.
Since Purdue began offering security services in 2012, our affordable rates, impeccable reputation, and attention to detail have set us apart from for-profit vendors. Last year alone, Purdue experts were onsite at more than 600 healthcare facilities, providing assessments, testing, audits, project management, training, and consulting. In addition to the services we have traditionally offered the healthcare industry, cyberTAP introduces Cyber Range Training and other workforce-development options that may be of interest to your healthcare organization's security professionals. The state-of-the-art cyber range provides an immersive, simulated environment for industry partners to develop the next generation of cyber warriors. We can also advise on a variety of IT solutions including encryption strategies; secure wireless migration; disaster recovery planning, and vulnerability analysis implementation, then equip your team with the tools to facilitate in-house solutions.
To inquire about scheduling cyberTAP to perform your annual Health IT Security Risk Assessment or other healthcare-related IT services, please scroll down and fill out the online form. To inquire about other cyberTAP services, please contact a member of the cyberTAP team.
Security Risk Assessments (SRA) — We work onsite, interviewing key staff, conducting physical facility walk-throughs, and performing the reviews, scans, and assessments necessary to create a realistic security and privacy remediation plan. Our assessment includes review of documentation, administrative controls, network architecture and configuration; a vulnerability analysis; and audit testing. SRAs are required for participation in some value-based programs.
External Vulnerability Assessments (EVA) — To identify vulnerabilities within your Internetfacing infrastructure and attached network systems, we can manage for risk environment or provide one-time testing. Our remote EVAs include an external scan of IP addresses; a meta-data analysis of your domain; and a DNS / Whois record review.
Technology Assessments — This onsite assessment of your organization’s hardware, software and network; network speed and laptops/ desktops comes with post-assessment recommendations on upgrades aimed at saving you time and money.
Phishing Simulation & Security Awareness Education — The five most common attack types that social engineers use to target their victims are phishing, pretexting, baiting, quid pro quo and tailgating. More than 40% of all information breaches result from this malicious online activity, with 98% of these incidents carried out by phishing. When suspicious emails make it through a hospital's technical defenses, employees are the last line of defense, therefore, it is vitally important that clinicians, administrators and others with computer access learn to properly identify and report suspicious emails as potential threats. Using a proactive approach, cyberTAP helps clients see which employees are susceptible to being victimized by a phishing attack in a safe and controlled exercise. In the simulation platform, students will gain awareness of warning signs and common tricks used by attackers to get you to provide sensitive information, encourage you to click links, or urge you to download attachments. Point-in-time training occurs in the event that an employee interacts with a phishing message. Monthly security awareness reminders, flyers, and training are provided for all active phishing simulation clients.
Penetration Testing — How vulnerable is your IT infrastructure to exploitation by external adversaries? A penetration test actively tests your security defenses and network configurations to find holes before the bad guys do.
Password Audits — Passw0rd! will meet most basic password requirements, but can be cracked in seconds. Passwords are our first line of defense in protecting data and IT assets, and password audits provide evidence that employees are adhering to password-creation best practices.