Managing Risk with ‘Rows & Columns’
Like many healthcare organizations, Intermountain Health did the best they could with the resources they had managing third-party and enterprise risk. With a heavy reliance on spreadsheets and a healthy stack of Post-It Notes®, managing cyber risk was highly manual, time consuming, and simply not scalable. Not surprisingly, risk management efforts were held back by:
- Subjective risk evaluation – Managed risk on intuition and what seemed risky, which was highly inconsistent across the team.
- Lack of standardization – Had no standardization or automation of repeatable processes, creating significant inefficiencies.
- Data integrity & audit issues – What happens if the spreadsheet gets lost, cells are locked, or the team is working off an old version?
On Risk Management
Searching for a New Solution
Fed up with this approach, Intermountain sought out a new cyber risk solution. This was more challenging than anticipated, as the vast majority of solutions they encountered forced them to make undesirable trade-offs and fell short of expectations, including:
- Not healthcare specific – Pan-industry solutions weren’t designed to solve the unique challenges faced by the health sector.
- Required too much configuration – Even with training, many solutions made managing cyber risk even more complex and convoluted.
- Too broad or too technical – Solutions were either too broad to address specific issues, or were too technical with endless data fields.
On the Healthcare Industry
Why Censinet?
After evaluating many solutions, Intermountain ultimately decided to choose Censinet:
- Purpose-built for healthcare – Censinet was the only solution that addressed both Intermountain’s needs and healthcare’s unique risks and complexities.
- IRB assessments – With research representing a large part of the business, Censinet and Intermountain worked together to streamline and automate an assessment process that all stakeholders can collectively benefit from.