A successful cyber-attack on a healthcare organization could compromise the privacy of hundreds or thousands of patients, damage the reputation of the organization, and even put lives at risk if critical systems are affected. As a result, healthcare organizations must take extra care to ensure that their cybersecurity measures meet or exceed industry standards. TD SYNNEX Public Sector has created a Healthcare Security Assessment, based on NIST's cybersecurity framework to help you bolster your cybersecurity posture, and help ensure that patient data is protected from both external and internal threats.

Our proprietary conversational Healthcare Security Assessment is designed to gauge your security maturity, recommend an action plan, provide a list of top tier vetted vendors, and help you define your multiyear Healthcare focused cybersecurity roadmap. All without the need to gain access into your infrastructure.

When was your last cybersecurity review or audit? Let our Certified Information Systems Security Professional (CISSP) team member help cover the following: • Your Healthcare focused Cybersecurity Maturity Level • Recommended Action Plan • Provide a List of Vetted Top Tier Vendors • Define a Multiyear Healthcare Cybersecurity Roadmap

FAQS

1. What is the TD SYNNEX Public Sector Healthcare Security Assessment (HSA)?

The HSA is a “conversational” assessment where questions are answered without using tools or technical measurements. It is a snapshot of current security maturity. Because the HSA is a conversation, assessment results may vary based upon the test taker’s response. For example, the CEO may provide different answers than an IT manager.

• Helps build your cybersecurity roadmap by identifying your technology gaps and then providing recommendations for improvement. • Provides an overall security grade plus 5 category grades. All criteria are based on NIST and HITRUST cybersecurity frameworks and architecture. • Assessment results provide recommended action items in each solution category. Leading vendor recommendations are also available per category. • Helps you leverage your results to create a unique risk-based action plan for security improvements and define your Healthcare cybersecurity roadmap.

1. What are some of the benefits of the HSA?

• Applies to organizations of any size. • Provides a risk-based action plan for security improvements. • HSA is quick and simple to administer and complete. • Creates urgency to address most critical risk. • Technology vendor recommendations are category based which allows for focused results. • Customers can leverage existing technology vendors and engage new technology vendors to meet needs. Direct links to our website – detailed information on the IT solution and technology vendor teams’ info.

1. How should you use the HSA?

• Use the assessment report to build the risk-based action plan and business case including proposal and service offerings. • Then use the HSA as needed to report on progress and to update the risk-based action plan leading to future proposals and more security sales.

1. What do the Grades mean?

Grades indicate level of security - A, B, C, and D and “Very Good”, “Good”, “Fair” and “Poor,” respectfully. Each area is graded and rolled up into an overall security grade. The assessment results then pinpoint actions to take in each area identified. This includes technology vendor recommendations and access to the TD SYNNEX Public Sector website where you can compare technology vendors and determine which IT solution is right for you and your organization.

1. Why is the HSA divided into sections?

• The HSA looks at the five important security areas: Identify, Protect, Detect, Respond, and Recover. All criteria are based on NIST and HITRUST cybersecurity frameworks and architecture. This allows for easy alignment to established and accepted security baselines. • Questions are based upon HITRUST., Categories include: o Information Security Management Program o Access Control o Human Resources Security o Risk Management o Security Policy o Organization of Information Security o Compliance o Asset Management o Physical and Environmental Security o Communications and Operations Management o Information Systems Acquisition, Development and Maintenance o Information Security Incident Management o Business Continuity Management o Privacy Practices