CLOUD SECURITY RISK ASSESSMENTS

Comprehensive review of the people, processes, and technology required to secure cloud implementations

Cloud Security Risk Assessments

We specialize in the following major cloud platforms:

  • Microsoft Azure
  • Amazon AWS
  • Google GCP
  • Microsoft Office 365
  • Healthcare-specific Vendor Cloud Implementations (e.g. Salesforce, EHRs, CASB)
  • SaaS Application and Platform assessments (e.g. CI/CD pipeline, API Gateways, Containers (Docker), Container Orchestration Solutions (Kubernetes)

Cloud Security Risk Assessments

Assessments are driven by:

  • Our real-world experience with healthcare deployments
  • Regulatory requirements
  • Cloud service provider guidance
  • Industry standards (e.g. HITRUST, NIST, Cloud Security Alliance)
  • We offer three assessment types to align with your specific scale and budget expectations.

Cloud Security Risk Assessments

We offer three assessment types to align with your specific scale and budget expectations:

    1. Standard - Includes an assessment of all the popular IaaS, PaaS, and SaaS CSP specific services for security best practices.
    2. Plus - includes the services offered in the Standard assessment model plus a comprehensive security assessment of backend CI/CD deployment and all CSP specific services within the organizational cloud accounts. These assessments are tailored to the specific Cloud Service Providers (CSPs) in use in your environment. This level of assessment also includes an overall assessment of your cloud security program including an inventory of cloud deployments across the enterprise, roles and responsibilities for cloud security, and progress and remediation to a defined strategy over time.
    3. Advanced - includes the Standard and Plus assessment services along with assessments of third-party vendor deployments leveraging cloud platforms.

WHAT SETS MEDITOLOGY APART

  • Top-ranked provider of information risk management, cybersecurity, privacy, and compliance services for healthcare
  • Proven track record helping healthcare entities to evaluate, design, configure, and certify cloud-hosted applications
  • Experts in healthcare cloud pen testing, strategy, risk management, and compliance
  • Experience with all major cloud service providers in healthcare settings
  • Real-world experience applying cloud standards and healthcare regulations
  • Alignment with HIPAA, HITRUST CSF, NIST CsF, Cloud Security Alliance (CSA)
 
Quote Icon

The Meditology Security Risk Assessment was a great experience for me.

I feel so much connection with the Team and plan to bring Meditology back for future assessments. Very pleased with what they have offered and how they managed the SRA and Cloud projects.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

Meditology Security Risk Assessment is a great process,

a great product that comes out of it, and it’s educational and informative and gives me what I need to build on.

Director of Information Security

Medical Center in the South

 
Quote Icon

It’s rare that you deal with a vendor where everyone you deal knows their game.

From the first sales call onward, there was never a time where I thought anyone on the Meditology Team was less than excellent. Everyone knew what they were talking about and it made me feel good that they knew what they were talking about. No doubt they know the IT security space.

IT Architecture Security Lead

Large Academic Medical Center

 
Quote Icon

The Meditology Security Risk Assessment was a great experience for me.

I feel so much connection with the Team and plan to bring Meditology back for future assessments. Very pleased with what they have offered and how they managed the SRA and Cloud projects.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

We have done security risk assessments with other competitor vendors for 6-7 years.

Compared, the Meditology Team did a great job. They are very professional and approached project in a very structured way and asked the right questions – it was impressive.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

I felt like the Meditology Team were our employees and felt very connected.

They know their stuff, they come well-prepared and are knowledgeable and know what to ask and where to look.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

Very pleased with the ability of Meditology Team to communicate effectively with my Team.

They are people my team can talk to and get good answers and a trusting relationship with our assessor. Meditology saved us.

CEO

Large Health Information Exchange in the Northeast

 
Quote Icon

Working with the Meditology Team on our SRA is close to exceptional.

It’s something we have to do, and it went very well and is certainly worth what we paid for it.

CISO

Regional Health Information Exchange

 
Quote Icon

Particularly valued working with Meditology because of the expertise that has been brought to the questions we have.

We are a different beast as a university. Most vendors put us in cookie cutter mold, but you took time to understand how we were different and couched the assessment. That was valuable – making the product fit our work environment.

Director of HIPAA Compliance

Public Research University in New York

 
Quote Icon

Everybody on the Meditology Team has been above-board and excellent to deal with and very responsive.

We get a bit of a different team each year but it’s always consistent, which is what I need as a practitioner.

Director of Information Security

Medical Center in the South

. . . . . . . . . . .

Service Lines

 
Quote Icon

We learned there was an industry and Meditology benchmark and we were happy we had that data.

Meditology delivered on our ability to have a Roadmap going forward. For 10-15 years I have been involved in different clients and companies, and I like the Meditology SRA deliverable for the way the data was laid out and the graphics – was innovative.

IT Architecture Security Lead

Large Academic Medical Center

 
Quote Icon

I talked to Meditology last year, as they came highly recommended by other colleagues, and I wanted to bring Meditology in with our Executive Director.

I had a level of expectation when I brought the Team in. And I have not been disappointed. They are professional, very knowledgeable – and it’s very clear they know exactly what they are doing, what needs to be done, and have the content behind them to provide this service. You don’t have to worry about communication – they communicate and over-communicate.

Executive Operating Officer

Large Health Information Exchange in the South

 
Quote Icon

The Meditology Team has been very responsive and very good.

We got an accurate and comprehensive assessment of our security risks and will use the deliverables as a “Roadmap.” The Team really knocked it out, all the interviews, evidence, got it all submitted – and the SRA Report is an accurate reflection of where we are.

Manager of Information Security

Large Not-for-profit Healthcare System, Health Plan, and Medical Group

 
Quote Icon

The value in our multi-year partnership with Meditology is high.

Very valuable to our organization. Team members are very valuable. We had conversations around GRC and HIPAA and some of the recent court rulings. And this didn’t have to be provided as part of the Security Risk Assessment.

Manager of Information Security

Large Not-for-profit Healthcare System, Health Plan, and Medical Group

 
Quote Icon

I rate this project a 5 “Exceptional Value.”

For what this effort was supposed to be, I thought it was good to have an outside perspective. Some internal teams may make assumptions and it is good to have an objective point of view. We learned a lot of useful insights from this whole effort and it was worthwhile. It gave us the perspective of changing our methods of assessing the practices which is valuable.

Security Consultant

Large Integrated Health Network

 
Quote Icon

Very reassuring to see the information in the Meditology Security Risk Assessment report.

The Meditology Security Risk Assessment engagement was very well organized and presented us with information that was helpful for us to know, what our next steps should be, and our biggest security concerns. It’s very valuable to have an outside independent group do our security assessment because it’s hard to see where our own holes are.

Security Officer

Regional Health System

 
Quote Icon

We chose Meditology mainly for their demonstrated knowledge and understanding of HIPAA, ARRA/HITECH and established security standards.

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

Barbara Anson

CISO, Baptist Memorial Health Care Corporation of Memphis, TN

 
Quote Icon

We engaged Meditology to assist us with Security Risk Assessment services on two different occasions.

They were highly knowledgeable and extremely professional throughout the duration of each project, and the quality of the final deliverables they provided was exceptional. Meditology’s healthcare focus and core competency of Information Security and Privacy were indispensable to the engagement. Their deep knowledge of the HIPAA and HITECH regulations, as well as the Common Security Framework and supplemented by industry operational experience of their team members, added huge value to the assessment. Meditology was able to address significant risk areas in a straightforward manner and was able to provide practical examples and insight on how to go about correcting issues. We will definitely call upon Meditology again when the need arises.

Martin Littmann

Chief Technology Officer & CISO, Kelsey-Seybold Clinic

 
Quote Icon

I was impressed with Meditology's team, the professional manner in which they interacted with our stakeholders, and the comprehensiveness of the final deliverable.

My original experience with Meditology was during a risk assessment at a different healthcare organization. I was impressed with Meditology's team, the professional manner in which they interacted with our stakeholders, and the comprehensiveness of the final deliverable. Upon joining Avanti, I saw the need for a similar, thorough review of our security controls and I immediately thought of Meditology for the job. Meditology's professionals completed the risk assessment with the same professionalism and quality as my first experience. Again, the team met my high expectations throughout the engagement and even went above and beyond the original contracted scope to assist with some last minute requests that provided additional value to me and the organization. I anticipate Meditology will continue to be a trusted adviser for my future security needs.

Jason Cervantes

Chief Information Officer, Avanti Hospitals, LLC

 
Quote Icon

Meditology came to us recommended by our members and is well-respected in its service community.

As a health information exchange (HIE), we are a highly customer-focused organization – and we recognize this same orientation in a consulting partner. Meditology came to us recommended by our members and well-respected in its service community. They were readily able to evaluate our policy and security framework, and identify areas of key focus. We particularly appreciated their knowledge around HIPAA and our statewide HIE. With their help, we created an entire array of organizational policies. Meditology also conducted a security assessment that demonstrated we had appropriate safeguards in place for robust exchange. This has helped assure our member hospital/health systems, healthcare insurers, and ambulatory practices. Naturally, the effort has had an important influence on our service procedures. We look forward to continued work with Meditology for our consulting and ongoing risk-assessment needs.

Daniel Wilt

Senior Director of Information Technology and Chief Information Security Officer, HealthShare Exchange of Southeastern Pennsylvania

 
Quote Icon

Although the project had tight constraints, Meditology exceeded our expectations with high-quality deliverables completed on-time and on-budget.

One of NASCO's key controls for security management is the annual revalidation of security access to the primary claims processing system, to ensure appropriateness of access based on role. NASCO engaged Meditology to perform the security revalidation based on our prior, positive experience working with the firm's leadership and we are pleased we did. Although the project had tight constraints, Meditology exceeded our expectations with high-quality deliverables completed on-time and on-budget. Meditology also provided valuable guidance and suggestions for making the annual security access revalidation process more cost-effective and efficient.

Lauret Howard, SMP

Vice President, Strategy, Brand and Risk Management, NASCO

 
Quote Icon

Onsite Health Diagnostics has relied on Meditology Services for HIPAA security risk assessment and penetration testing since 2014.

Meditology’s information security services have provided OHD’s customers and business partners with confidence in the seriousness with which we take the our responsibility to protecting their highly sensitive data. We have been more than pleased with Meditology’s professionalism, diligence and responsiveness, and we look forward to working with them for years to come. Since our founding, OHD has been dedicated to exceptional client service, providing stress-free employee health screenings and workforce health data analytics. Our clients, who include Fortune 500 corporations, hospital systems, financial institutions, state & local governments and small businesses alike, rely on OHD’s commitment to privacy and security when it comes to their employee health data.

Kyle Alexander

CEO, Onsite Health Diagnostics

 
Quote Icon

Meditology worked hand in hand with our existing teams to perform a thorough analysis.

Meditology leads security-related events in the area. After hearing their expertise we decided to utilize their services for one of our annual risk assessments. Meditology worked hand in hand with our existing teams to perform a thorough analysis. I was impressed with their reviews of even our remote locations to not only conduct interviews but to verify what was truly in practice. Meditology conducted regular meetings with the security team to ensure timelines were on schedule and that we had a mutual understanding of the findings and status. I’ve worked with many companies over the years on these assessments and Meditology is not a group that just checks the boxes. Meditology has an intelligent staff that is up to date on the current regulations.

They have deep conversations on what is needed and why. They help you achieve your goals by aligning where you are today with where you want to be in the future and setting a course.

I am glad we decided to work with Meditology and create a partnership that aligns with our interests.

Nicholas Thomas

Director of Technology Services, Harbin Clinic Information Technology Services