Case Study: Children’s Hospital of Minnesota
Children’s Hospital of Minnesota is one of the largest independent pediatric health systems in the United States, with two hospitals, twelve primary care clinics, six rehabilitation and nine specialty care sites. As a healthcare nonprofit, Children’s Minnesota is subject to HIPAA regulations and must ensure that personal health information (PHI) is secured, both at physical locations and within electronic health records and exchanges.
Selecting a security benchmark and policy that is meaningful and then sourcing the information to measure against that benchmark.
The next obstacle was where to find and how to present information on these hospital systems with similar security challenges and performance benchmarks.
Children’s Minnesota leverages the SecurityScorecard platform to gain visibility into potential security risk, both internally and externally. The cybersecurity platform also gives Children's Minnesota the ability to benchmark and compare their risk profile with other healthcare systems.
With the ability to better review and prioritize security issues the IT team at Children’s Minnesota has been able to improve their security risk rating, as well as vendors' ratings. They've also been able to develop a collaborative approach for setting exceptions and effectively remediating issues.