From urgency to resilience: A health care cybersecurity success story

Rapid response, deep trust and lasting transformation

Amid growing cyberthreats, a large health care system with more than 100 clinics and medical centers serving urban and rural communities turned to RSM US LLP for help—not just for technical support, but for a trusted team that could help them build a cybersecurity program from the ground up.

The call came from a former colleague who had worked with RSM at a previous health care system. His request was simple: “Do you have an army?” The answer was yes—and that marked the beginning of a deep strategic relationship.

After addressing immediate needs quickly—cultivating trust with key insights, understanding and collaboration—RSM laid out a broader program transformation that included:

  • Developing a cyber transformation roadmap
  • Supporting risk and third-party risk management
  • Leading identity and access management initiatives
  • Launching a data protection program and hardening Microsoft 365

The RSM team met the client where they were in their initial cybersecurity journey, assessing vulnerabilities and collaboratively establishing strategy and process; however, the firm was also poised to help take the client to their next level of fortified security management. All of this was done with the intent of getting the organization to a place where it could return its focus to what matters most—its core mission of patient care.


Urgency amid a global crisis

Prior to the initial engagement, the COVID-19 pandemic and a White House memo warning of cyberthreats to health care systems created a sense of urgency. The client’s board requested a three-year roadmap to address security concerns.

RSM responded by:

  • Scaling up to a 20-person team
  • Building a data protection program and implementing Microsoft Purview and user behavior analytics
  • Supporting payment card industry (PCI) Data Security Standard compliance efforts
  • Serving as program manager for identity and access management program implementation, including SailPoint, Thycotic, etc.
  • Cleaning up identity systems of record and third-party access
  • Rebuilding and hardening the client’s Active Directory
  • Implementing various security tools, such as Zscaler

Designing a custom managed services program

By late 2021, the client identified gaps with their existing managed services provider, which offered limited coverage and a one-size-fits-all approach. RSM proposed a more tailored, white-glove solution.

In a pivotal workshop—held during pandemic restrictions—the RSM and client teams codesigned the following:

  • A security operations center program
  • An incident response framework
  • A threat intelligence program

This collaborative effort led to a managed services engagement that kicked off in early 2022.


Going live and scaling up

In April 2022, RSM launched a full suite of managed services, including:

  • Managed security information and event management (SIEM), extended detection and response (XDR), and phishing response services
  • Vulnerability management
  • Threat intelligence integration with the client’s existing XDR platform
  • Engineering and operations support for management and fine-tuning of their cybersecurity tools
  • Incident response

The program quickly expanded to an affiliate organization, where RSM also implemented:

  • Managed governance, risk and compliance solutions
  • Second-line defense operations
  • Annual audit readiness support

“They brought a team in. And again, all those team members, regardless of what their role was, these were professionals … highly competent and really easy to communicate with.”
— Client executive

Navigating change and staying the course

Postpandemic, the client faced budget constraints and leadership departures. Despite these challenges, RSM remained a constant, trusted advisor.

“It didn’t take me long to understand that this was a group that was working on my behalf and working for me.”
— Client executive

Key moments included:

  • Conducting team exercises, tabletop simulations and penetration testing
  • Supporting business continuity for critical imaging services during a systems outage

“These jobs are stressful and 24/7. I’ve always noticed that the RSM team brings a smile to the table and an eagerness to get going.”
— Client executive

Becoming the virtual CISO

In June 2024, RSM was named the client’s virtual chief information security officer (vCISO), expanding the firm’s role from tactical execution to strategic leadership. As vCISO, RSM:

  • Supported a major digital transformation, including migration to Microsoft Azure
  • Revamped cybersecurity policies and created a three-year roadmap
  • Established a cybersecurity program management office
  • Advocated for and elevated cybersecurity to an executive-level priority
  • Supported the client’s insurance renewal

“RSM took a holistic approach.… It wasn’t about just plugging a hole. It was ‘Let’s assess the entire program and start from the basics.’”
— Client executive

Strategic impact and executive support

In addition to the multitude of services and advisory, RSM’s contributions extended to executive leadership, including:

  • Educating and supporting the chief compliance officer on cybersecurity
  • Helping support board presentations and performance metrics
  • Building a governance model and a target operating model for cybersecurity

“Every time there was a concept introduced, someone would stop and say, ‘Do you know what this is?’ And if I didn’t, they’d explain it in plain terms. That’s a skill set not everyone has. They never made me feel like I was in the way. Every time a new concept came up, they paused to make sure I understood it. That’s not just service—it’s teaching.”
— Client executive

Results that matter

Through trust, adaptability, deep insights and collaboration with the client, RSM has:

  • Transformed the client’s cybersecurity posture
  • Enabled secure digital transformation
  • Built a resilient, scalable cybersecurity program

Services delivered to the health care client thus far include the following; the work continues:

  • Cyber transformation roadmap execution
  • Risk and third-party risk management
  • Identity and access management
  • Data protection and Microsoft 365 hardening
  • Managed security services, including a security operations center, incident response and threat intelligence
  • Virtual CISO services
  • Cloud security and digital transformation support
  • Policy revamping and roadmap development
  • Cybersecurity program management office setup
  • Governance and target operating model design
  • Incident response and penetration testing
  • Managed governance, risk and compliance solutions for affiliates
  • Data analytics

The takeaway

Through a relationship built on trust, responsiveness and deep experience, RSM helped this health care system evolve from relying on a reactive cybersecurity posture to establishing a resilient, forward-looking program.

As one client executive put it: “RSM is not just here to stay embedded; they’re here to build something sustainable and hand it off with confidence. They’re knowledgeable, thoughtful and methodical. They understood our culture, adapted to it and brought in people who fit. That’s rare in a service provider. Even the junior team members are confident, responsive and spot-on. That says a lot about how RSM operates.”
