Case study

Seattle Indian Health Board

50% of healthcare organizations have had a security breach in the last two years.*

Seattle Indian Health Board is a community health clinic that provides health and human services to its patients while specializing in the care of Native people.

In 2015, Seattle Indian Health Board had basic, limited, and isolated information technology infrastructure. As its health outreach programs grew, so did partnerships with other organizations to meet patients’ health and social needs. The demands on the IT system quickly increased, and SIHB began to realize that it needed to take a hard look at its cybersecurity.

Andre Dixon, IT Director, knew that SIHB lacked proper internal controls and no one had an eye on what was happening day to day inside the network. SIHB contracted with CI Security™ for a HIPAA risk assessment to gain further insight into its security posture. The process was comprehensive, and the results left no room for debate: SIHB had critical gaps in its security, leaving both its systems and the data of some 6,000 patients at risk. With a small IT department of three full-time employees, SIHB knew it needed to look externally for cybersecurity resources. Monitoring its own network 24/7 would mean adding another 2-3 full-time staff, essentially doubling the IT workforce.

With CI Security on our side, we know that we have similar security capabilities as much larger institutions and at a reasonable cost. Andre Dixon, IT Director

Critical Insight solved the problem

Having already experienced the value of CI Security’s work, Seattle Indian Health Board selected CI Security’s Critical Insight™ Managed Detection and Response (MDR) service.

Fred Langston, a founder of the company and a contributor to HIPAA Proposed Security Rule, walked the IT department through each of the phases which provided insight into what would happen, what CI Security analysts would look at, and the reports the IT department would receive.

Implementation was painless. Each of the clinic sites had a collector installed, and SIHB’s logs were sent to the Critical Insight Security Operations Center (SOC), where expert analysts provided 24/7 coverage, aided by advanced detection technology, all for less than the cost of hiring a full-time analyst. For Andre Dixon, IT Director, CI Security’s presence brings peace of mind. “It’s this feeling of – they are there if I need them. Someone is looking at those logs, understanding what is happening, and reporting out any anomalies.” For executive leadership and board members, when they see cybersecurity incidents in the news they’re comforted knowing they have CI Security’s MDR.

Additionally, increasing its cybersecurity capabilities has also facilitated better partnerships and collaborations for SIHB, advancing its mission. A division of Seattle Indian Health Board, Urban Indian Health Institute (UIHI) is the only tribal epidemiology center explicitly focused on the nationwide urban American Indian and Alaska Native population.

CI Security’s experts guided the implementation. They communicated what was needed on-site and worked rapidly to get it done.

Confidence in cybersecurity enables SIHB to expand, grow partnerships, and share data in meaningful ways to improve health across the indigenous populations.