Private Healthcare has many financial service clients that are regulated by the Monetary Authority of Singapore. The Technology Risk and Outsourcing regulation are indirectly enforced on the Service Provider (Private Healthcare). The regulator has highlighted significant ramification if the regulation is not adhered to, including but not limited to financial penalties and revocation of license. The Financial Service clients are concerned with the risks associated with using outsourced service providers (Private Healthcare) who processes, stores and handles confidential data on behalf of financial services clients and of them not complying with the regulations.

As a result, Private Healthcare requested Pragma to conduct an assessment of the security and control environment on their technology environment and to report on the observations and associated risks for the services provided.

The scope of service for private healthcare included a security testing on their mobile application, backend server and web application, assessment of policies, procedures and process, architecture and operational procedures that support healthcare. We have had to evaluate over 730 controls based on MAS TRM guidelines and Outsourcing and the new CyberHygiene Notice.