<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=323641658531367&amp;ev=PageView&amp;noscript=1">

Case Study

BlueSteel Cybersecurity Leverages Ostendio to Develop Humanized Security Program for CareSight



The Challenge

Seeking virtual CISO to launch, manage and scale its cybersecurity and compliance program

To properly conduct business with healthcare institutions across the US, CareSight was looking to expand and enhance its security program so that it would protect patient data using a contemporary approach that aligned with health systems and hospitals that they serve. As a smaller organization with limited internal resources and no dedicated in-house security personnel, the patient care analytics company looked outside their team for support.

To address this challenge, CareSight conducted a search for a virtual CISO to address their cybersecurity needs in the following areas: control monitoring, policy and procedure management, information repository and security consulting. BlueSteel’s strengths aligned perfectly with these requirements.

“CareSight was looking for an organization to help them navigate a compliance journey for which they didn’t have a dedicated internal resource or existing provider,” shared Ali Allage, CEO of BlueSteel Cybersecurity. He said that when CareSight came to them, they knew they needed a robust security program, but weren’t sure where to begin.

“At the same time, CareSight wanted to work with tools and resources that enabled failsafe workflows and could make maintaining compliance easier for them in plain view.”

By leveraging Ostendio’s platform, BlueSteel Cyber could deliver an operationalized security program centered around CareSight's people to ensure an always on and always-auditable security posture. 

The Solution

BlueSteel guides CareSight to NIST 800-171 with frictionless, humanized security and compliance utilizing a centralized people-first risk management solution

After determining that a NIST 800-171 Security Program would satisfy CareSight’s business requirements, BlueSteel got to work to create new policies and procedures for a variety of control groups, including:

  • Access Control

  • Security Awareness Training

  • Configuration Management

  • Identification and Authentication

  • Incident Response

  • Risk Assessment

  • Hardware and Software Security and Asset Management

  • System and Information Integrity

“Once we identified the necessary controls and gaps, it was up to us to help navigate and utilize some of the tool sets that we have to fit the control requirements that aren’t currently in place,” Allage said.

BlueSteel implemented CareSight’s security program using the Ostendio platform to operationalize the consolidation and management of key documents, training, reports and security workflows. BlueSteel helped onboard CareSight’s team to the platform, and ensured that staff members were fully trained in security awareness to satisfy their compliance.

These processes not only ensured the security of every piece of information, but also the organization and accessibility for team members. 

“We’re using most, if not all of the modules that are available to manage CareSight’s security and compliance,” Allage said. “We’re trying to leverage every aspect of it that we can.”

Ostendio has been a critical tool in capturing key data that might have otherwise slipped under the radar. This included identifying excess active software licenses software and managing hardware life cycles.

“Ultimately that's one of the challenges when it comes to a security program - the amount of information and the number of swim lanes that must be wrangled together in a central place to provide intuitive visual communication for the organization’s security,” he said.

BlueSteel found that implementing the program using Ostendio also created a much more collaborative environment for CareSight where they are not overwhelmed by hundreds of controls.

“Imagine what a spreadsheet could look like when you're trying to manage all those swim lanes. It's a nightmare,” Allage said. “Ostendio has supported our promise of humanizing cybersecurity, allowing us to represent the security program in a consolidated and clear communicative space.”

The Result

CareSight gains peace of mind with their cybersecurity, allowing more time to focus on primary business objectives

In a featured BlueSteel Cyber review, CareSight shared that even as a boutique company, it’s important for them to operate at the same security level as multinational corporations. BlueSteel has delivered on this objective, with exceptional project management and effective communication.

The combination of BlueSteel’s approach with people-first tools like Ostendio ensures that every aspect of the security program feels connected, giving CareSight confidence that the program will succeed. A particular favorite Ostendio feature among the CareSight team has been the ability to edit and manage documents without ever having to leave the platform.

“From the CareSight team’s perspective, they love the platform,” Allage said. “They love the fact that they can log in and easily find what they’re looking for.”

According to Allage, “CareSight doesn’t have the stress of thinking about their security with the tools and experts supporting them. They can get back to focusing on their business and scaling their products with full confidence that they are secure and in compliance at all times.”

“The sky will be the limit in terms of where CareSight will go on their compliance journey,” Allage said. If CareSight ever needs to pivot how they do business or add new technologies to their product line, they have confidence that their security program can easily scale with them, he said.

In addition, Allage urges other clients in CareSight’s position to focus on proper time management and preparation in building their security programs. 

He also shared how important it is to be selective about the companies they partner with. Companies that see their security program as an investment can make their compliance journey pain-free and even implement a serious security program in less than a year. 

“Waiting until the last minute is painful for everyone and it's probably the most expensive decision or mistake that any organization can make,” he said. “There’s a lot of promises of quick certifications and quick audits–they never work out the way they’re intended.”

“Being able to tout the fact that you are a secure operation, and that you are able to follow guidelines and rules that are set to protect information of your end customers is key.”

CareSight doesn’t have the stress of thinking about their security with the tools and experts supporting them. They can get back to focusing on their business and scaling their products with full confidence that they are secure and in compliance at all times.

Ali Allage, BlueSteel Cyber
Ali Allage, CEO, BlueSteel Cybersecurity

About BlueSteel Cybersecurity

BlueSteel Cybersecurity develops humanized cybersecurity compliance programs that create sustainable security and confidence for SaaS-based organizations and Government Agencies. Our team of Business, Security, Data, Software, and Engineering experts leverage their years of security program and process automation experience to help our client partners achieve compliance certification efficiently and protect their sensitive data against both current and future threats.

BlueSteel Cybersecurity is a top-rated IT and security partner of Ostendio.

About CareSight

CareSight breaks down the barriers between technology platforms and organizational silos, placing easy-to-use actionable analytics in the hands of care managers, patient experience executives, quality and risk professionals, and hospital leadership. CareSight software consumes information from virtually any patient care system or device, including nurse call, patient monitoring, phone and other communication systems, real time location and many others. The reporting engine delivers clinical, quality, risk and nursing executive managers with data they want to see and expert staff to help evaluate what it means.