#1 Security Leader
An annual Security Risk Assessment at an integrated health system spanning 26 locations and with over 1,500 employees and 800,000 yearly patient visits affirmed the need to fill the open CISO role. However, budget constraints, job market conditions, candidate scarcity, and cost of living concerns constituted significant obstacles to finding a permanent placement.
A Smart Defense
In today’s environment, healthcare organizations cannot afford to let their guard down. Engaging a virtual CISO (vCISO) to fill a vacancy is a smart defensive move—avoiding unfocused lapses in tactical and strategic protections that could create security vulnerabilities. Moreover, it is an opportunity to leverage the experience of an executive-level security expert with exposure to a variety of corporate cultures, employee bases, patient populations, risk tolerances, and security needs, as well as hands-on application of all the recognized standards (NIST, COBIT, ISO, and others).
Averaging 20 years of experience, many having worked in CISO roles for numerous healthcare organizations, Impact Advisors’ experts quickly and seamlessly integrate with security teams, providing executive presence and oversight with a focus on programmatic growth aligned with the risk tolerance of the organization.
Our Client Impact
Over 3 years, Impact Advisors has been helping our client to develop an information security vision, attain attestation of their Information Security Program, and move to a more mature stage, enabling improvement of their organization-wide security awareness and reduction of overall security risk.
Develop an Information Security Vision
Impact Advisors researched and evaluated various strategic program needs, including:
• Identity and Access Management (IAM) solutions to include Oracle ERP & HCM as well as future Cloud services (i.e., SaaS, PaaS, & IaaS)
• Privileged Access Management (PAM) solutions to minimize insider threats
• Distributed Denial of Service (DDoS) solutions to minimize an unsophisticated attack vector
• Managed Security Service Provider (MSSP) vendor selection
• Data Classification automation to enhance visibility and data protection
• Governance, Risk, and Compliance solution to reduce the staff effort needed to perform third-party risk management and to enhance the maturity of the program to respond to demand

Attain Attestation of Information Security Program
Passing an independent review is a vital step for building trust in an organization’s Information Security Program.
To prepare, Impact Advisors facilitated the completion of:
• Six different payer audits (Result: positive above average status)
• Annual Security Risk Assessment / Analysis (Result: 82% NIST CSF compliance)
• Annual renewal of Cybersecurity Insurance (Result: above average rating)
• Moss Adams financial audit (Result: above average rating)
Reduce Organization's Overall Risk
Ultimately, a successful engagement would require reducing the organization’s overall security risk. To do so, the team:
• Implemented automated threat intelligence
• Set up multifactor authentication
• Established a pre-eminent secure FTP product (MOVEit) in a DMZ, isolated from the network, as a replacement for the insecure FTP (SSH) product
• Executed external penetration test with above average results
• Led various patch management efforts, increasing program effectiveness by over 40%
• Developed an internal phishing program, improving user education results by more than 25%
• Published a quarterly Information Security newsletter
• Facilitated enterprise backup software replacement to match Information Security Program objectives for incident response and disaster recovery
• Facilitated USB port lockdown across the enterprise with exceptions for required business processes using organization supplied and encrypted USB devices
• Expanded log ingestion beyond infrastructure into application logs
Move to a More Mature Stage
Impact Advisors helped the organization increase its cumulative Capability Maturity Model Integration (CMMI) score by 14 points across 23 categories, producing an overall 2.04 CMMI score (over a half-point rise). In short, the organization has made great strides in a relatively short period of time, given the program’s official start just over three years ago. The organization continues to make progress and is nearing a score of 3.0 with its next annual assessment slated for later this year.