The Abu Dhabi Department of Health (“DoH”), being the regulator of the healthcare sector in Abu Dhabi, had released the ADHICS Standards to improve the privacy and security of health information. ADHICS standard intends to enhance the healthcare cyber security in the UAE to the next levels by meeting international healthcare cyber security and privacy practices. ADHICS also helps the healthcare sector meet compliance with UAE Information assurance standards.
The client is a leading healthcare Conglomerate with more than 40 healthcare facilities spread across the UAE. With its exemplary service and quality of medical facilities, the client is ranked as one of the top-most hospitals in the UAE.
Owing to the demanding compliance requirements of the healthcare industry, the client was in need of an effective, affordable way to manage vulnerabilities, threats and the remediation process. The main requirement from the client was to guide them throughout the ADHICS Compliance program right from the assessments till the final audit.
The key challenges faced during the project are listed below:
- Being new to the ADHICS standards, the client was not aware of the requirements and implementation process.
- The client used legacy systems/operations that tend to have security vulnerabilities and was unable to accommodate the best security practices.
- The IT & OT environment integration process was vague, which resulted in difficulty setting up the controls.
- Setting up a unified governance framework was a challenging task, as the client was a large organization with multiple healthcare facilities in scope under different managements.
- The local regulatory body audit was about to start within a month from the project initiation and it was not easy to complete the project within the given deadline.
ValueMentor addressed all the key challenges with our dedicated and experienced team of analysts.
- A detailed training was provided to the selected employees regarding the ADHICS standard and a basic awareness program was conducted for all the employees. Also, we gave recommendations to hire a dedicated CISO who will be responsible for the client’s information/data security.
- Advised the client on isolating the legacy systems using technical controls to reduce the risk exposure. Also, a demonstration was provided to educate the client on how legacy operations lead to security risks that are often unnoticed.
- The different teams working in silos restricted the clarity of vision across the organization. ValueMentor brought the teams together to work on standardizing the network architecture and to record/track each component connected.
- We proposed a centralized governance structure, where a central committee was to be formed for the entire groups and workgroups of each institution. Also, we recommended the client to hire a dedicated CISO to steer all these activities.
- We prepared a project plan with critical tasks to be completed and internal deadlines for each task were also set. These tasks (like documentation, testing, etc.) were assigned to specific teams/ workgroups.
ValueMentor is pleased to know that the client has received several benefits from our ADHICS Compliance Services.
- Ensured all the sensitive data is safe, thus easing the burden associated with Information Security Management
- Ensured all the said requirements regarding ADHICS compliance was met
- Prevented costly data breaches and reputational damage
- Trained employees that every member of the organization is responsible for protecting patient data and creating a safe security infrastructure.
With prominent cybercrimes becoming a regular occurrence, it has become imperative for every organization to adopt a trusted security partner and assess their security posture regularly. Cyber Attacks disrupt healthcare industries’ access to patient data which might result in serious medical errors and treatment gaps. As a full-service Cyber Security Service Provider, ValueMentor helps you manage cyber risks, meet compliance requirements and respond to incidents while protecting their business.
ValueMentor is a pure–play information security services and consulting company. We are specialists in delivering Security Consulting Services to organizations across the globe and pioneers in Information Security Audit Services, Information Security Consulting Services and Managed Services.