Demo Request
X Close Search

How can we assist?

Case Study

How Intermountain Health Went From “Managed Chaos” to Strategic Cyber Risk Management

Download PDF

Managing Risk with ‘Rows & Columns’

Like many healthcare organizations, Intermountain Health did the best they could with the resources they had managing third-party and enterprise risk. With a heavy reliance on spreadsheets and a healthy stack of Post-It Notes®, managing cyber risk was highly manual, time consuming, and simply not scalable. Not surprisingly, risk management efforts were held back by:

  • Subjective risk evaluation – Managed risk on intuition and what seemed risky, which was highly inconsistent across the team.
  • Lack of standardization – Had no standardization or automation of repeatable processes, creating significant inefficiencies.
  • Data integrity & audit issues – What happens if the spreadsheet gets lost, cells are locked, or the team is working off an old version?

On Risk Management

“Managing risk was recognized, acknowledged, and managed chaos.”

Searching for a New Solution

Fed up with this approach, Intermountain sought out a new cyber risk solution. This was more challenging than anticipated, as the vast majority of solutions they encountered forced them to make undesirable trade-offs and fell short of expectations, including:

  • Not healthcare specific – Pan-industry solutions weren’t designed to solve the unique challenges faced by the health sector.
  • Required too much configuration – Even with training, many solutions made managing cyber risk even more complex and convoluted.
  • Too broad or too technical – Solutions were either too broad to address specific issues, or were too technical with endless data fields.

On the Healthcare Industry

“Healthcare is the most complex industry…You can’t just take a tool and apply it to healthcare if it wasn’t built specifically for healthcare.”

Why Censinet?

After evaluating many solutions, Intermountain ultimately decided to choose Censinet:

  • Purpose-built for healthcare – Censinet was the only solution that addressed both Intermountain’s needs and healthcare’s unique risks and complexities.
  • IRB assessments – With research representing a large part of the business, Censinet and Intermountain worked together to streamline and automate an assessment process that all stakeholders can collectively benefit from.

Censinet as a Partner

“Censinet has been an amazing partner not just to listen, but to act.”

Censinet’s Broad Impact at Intermountain

Check mark icon

65% Reduction in Time to Complete Third-Party Risk Assessments

And IRB assessments now completed in days, not weeks!
Check mark icon

Significantly Stronger Executive Engagement Due to Benchmarking

How do we compare to peers on enterprise cyber maturity and investment levels?
Check mark icon

Tighter Collaboration Between Cybersecurity and Supply Chain

To simplify vendor procurement and onboarding powered by a faster risk assessment process.
Check mark icon

Leveraging Risk Tiering

Based on vendor’s potential impact to the business, automatically schedule and complete reassessments.
Check mark icon

Check mark icon

About Intermountain Health

Intermountain Health is the largest nonprofit health system in the Intermountain West, with 34 hospitals, 400 clinics, and 3M+ telehealth patients served. Based in Salt Lake City, Intermountain serves patients and communities in Utah, Idaho, Nevada, Colorado, Montana, Wyoming, and Kansas.

Matt Christensen is the Sr. Director - Governance, Risk, & Compliance at Intermountain Health
Matt Christensen, CISSP, CRISC, CFE
Sr. Director - Governance, Risk, & Compliance
Intermountain Health

About Intermountain Health

Intermountain Health is the largest nonprofit health system in the Intermountain West, with 34 hospitals, 400 clinics, and 3M+ telehealth patients served. Based in Salt Lake City, Intermountain serves patients and communities in Utah, Idaho, Nevada, Colorado, Montana, Wyoming, and Kansas.

Matt Christensen is the Sr. Director - Governance, Risk, & Compliance at Intermountain Health
Matt Christensen, CISSP, CRISC, CFE
Sr. Director - Governance, Risk, & Compliance
Intermountain Health

About Intermountain Health

Intermountain Health is the largest nonprofit health system in the Intermountain West, with 34 hospitals, 400 clinics, and 3M+ telehealth patients served. Based in Salt Lake City, Intermountain serves patients and communities in Utah, Idaho, Nevada, Colorado, Montana, Wyoming, and Kansas.

Matt Christensen is the Sr. Director - Governance, Risk, & Compliance at Intermountain Health
Matt Christensen, CISSP, CRISC, CFE
Sr. Director - Governance, Risk, & Compliance
Intermountain Health
Helping to Serve the Business and Patients Better

Contact Us Today!

To learn more about Intermountain’s journey and how Censinet can transform cyber risk management at your organization, please contact us.

Contact CensinetContact Censinet
Collage featuring a woman working on a laptop computer, and a doctor reviewing a screen filled with patient data

Sign-up for the Censinet Newsletter!

Hear from the Censinet team on industry news, events, content, and 
engage with our thought leaders every month.

Terms of Use | Privacy Policy | Security Statement | Crafted on the Narrow Land