Cyber Risk Assessment and Security Testing
Assessment of Healthcare Chain as an Outsourced Service Provider
Private Healthcare has many financial services clients that are regulated by the Monetary Authority of Singapore. The Technology Risk and Outsourcing regulations are indirectly enforced on the service provider (Private Healthcare). The regulator has highlighted significant ramifications if the regulations are not adhered to, including but not limited to financial penalties and revocation of license. The financial services clients are concerned about the risks of using an outsourced service provider (Private Healthcare) that processes, stores and handles confidential data on their behalf, and about that provider not complying with the regulations.
As a result, Private Healthcare requested Pragma to conduct an assessment of the security and control environment of its technology environment and to report on the observations and associated risks for the services provided.
The scope of service for Private Healthcare included security testing of its mobile application, backend server and web application, and an assessment of the policies, procedures and processes, architecture and operational procedures that support healthcare. We evaluated over 730 controls based on the MAS TRM and Outsourcing guidelines and the new Cyber Hygiene Notice.
The recommendations and solutions we produced helped Private Healthcare understand its technology, process, and people risks and mitigate many of them. The assessment began with a thorough technical review of people, process, and technology, followed by a detailed report to illustrate the issues.
Private Healthcare successfully reported the closure of the issues to its clients and is now leading the pack for clients looking for a healthcare supplier that understands the importance of caring about customer data.