Background
Peninsula Home Hospice (PHH) was born from a recognised community need and established by a group of volunteers eager to ensure those wanting to stay in their own home as they faced terminal illness were able to do so. Since then the service has grown into a Specialist Community Palliative Care Service provided through a DHHS service agreement and community support. PHH works collaboratively with Specialist Palliative Care consultancy team and the Palliative Care Unit (run by Peninsula Health) as well as General Practitioners and Medical Specialists, Community Nursing, Acute Hospitals (both public and private), Residential Aged Care Facilities, local councils and other community services to optimise end of life care for all.
PHH partnered with Majestic Computer Technology in July 2019 for managed IT services and put in place a high-level digital strategy for the coming five years that included a roadmap around IT Security maturity improvement.
Challenge
Health Care providers have consistently been one of the top three contributors of privacy complaints to the Office of the Australian Information Commissioner (OAIC) over the last three years, a further indication of the vulnerability prevalent within the industry.
They have also been the leading source of notifiable data breaches since mandatory notification began in February 2018.
While often perceived as a ‘technical’ matter, Cybersecurity is much broader and encompasses both the technological and human aspects of an organisation.
The executive team at PHH were concerned about recent information security incidents that specifically targeted the health sector in Australia and tasked Majestic with a review of their current cybersecurity maturity, their compliance to the DHHS’s information security directives, ACSC’s Essential 8 and other various health and patient data related regulations in Australia like HIPAA, NATA.
PHH’s three-year support and maintenance contract with their existing network firewall provider was coming up for renewal in October 2019. Also, an upgrade to their internet service bandwidth aimed to cater for a growing number of users, meant the current firewall solution was no longer suitable.
Following this, Majestic then sought to find PHH the best solution to meet their current needs, with the ability to scale as the organisation continues to grow.
Solution
Majestic went to tender on PHH’s behalf to find a suitable security partner. From a long list of security vendors, Majestic shortlisted and presented three options to PHH, with Red Piranha’s Crystal Eye as their preferred solution.
The organisation selected Crystal Eye over other alternatives due to its ability to implement multiple layers of defence that created greater visibility and security awareness across the entire organisation.
Crystal Eye offered comprehensive reporting and features as part of the built-in GRC controls that meant PHH and the board could;
- Quickly understand their organisation’s security maturity
- Establish which areas demand improvement
- Keep their business-critical documents and information safe with Data Loss Prevention (DLP)
- Restrict the use of unapproved applications on corporate networks with Application Whitelisting (AWL), one of the Governments ‘Essential 8’ mitigation strategies
Being an Australian vendor with the ability to manage and support the deployment from their local Security Operations Centre (SOC), was also a critical factor in PHH’s decision.
Majestic’s team worked closely with Red Piranha throughout the implementation process to ensure the transition was smooth with minimal disruption to PHH. One month following deployment, Majestic held a post-implementation tuning session to ensure that the Unified Threat Management (UTM) is correctly tuned to provide an optimum level of security.
For PHH, it was also encouraging that Red Piranha’s managed security (SIEM) is a standard inclusion with the licence subscription, that provided proactive monitoring and response with from their highly advanced global threat intelligence coupled with human expertise from their Australian based 24/7 SOC teams.
This process reassured PHH that Crystal Eye well and truly exceeded the tender criteria and that they were advised and provided with the right solution to support their security infrastructure for the coming three years and no doubt, beyond.
Result
Red Piranha’s Crystal Eye provided a higher level of visibility and reassurance.
PHH is now using built-in features and technologies like Application Whitelisting and Vulnerability Assessments not previously available, providing additional layers of protection and assurance.
Our team in conjunction with Red Piranha, continuously deliver expertise and knowledge to further improve the security posture for PHH.
