Tech

Transforming Enlace Health’s Cybersecurity: From Strategy to Robust Defense

by Warner Moore
Jul 17, 2024
Enlace health Logo

Elevating Cybersecurity at Enlace Health

Discover how Enlace Health, a leading HealthTech company, partnered with Gamma Force to elevate their cybersecurity strategy and execution. Gamma Force improved Enlace Health’s strategic alignment, third-party vendor risk management, security awareness, and overall posture. By right-sizing their security program and building capabilities across the organization, this partnership ensured the protection of Protected Health Information (PHI) and compliance with HITRUST and HIPAA requirements. Additionally, Gamma Force’s support during the Log4j vulnerability incident demonstrated their expertise in effective incident management.

Challenge

Enlace Health faced several significant challenges in their cybersecurity journey:

  • Evolving Cybersecurity Strategy: They needed to develop and mature their cybersecurity strategy in alignment with their business objectives of delivering value-based care.

  • Managing Third-Party Vendor Risks: With a complex network of vendors, efficient and thorough risk management was crucial.

  • Preparing for HITRUST and HIPAA Compliance: Ensuring readiness and success in HITRUST and HIPAA audits was critical for maintaining trust and compliance.

  • Addressing Vulnerabilities: Rapidly evolving threats like the Log4j incident, including handling JNDI lookups, required immediate and effective responses.

Solution

Gamma Force provided comprehensive support to Enlace Health, addressing their challenges through strategic guidance, capability building, and focused execution.

  • Strategic Guidance and Roadmap Development: Initially assisting Enlace Health’s CFO, Gamma Force developed a security roadmap to ensure the program’s performance and continuity. This phase led to the successful hiring of a full-time security leader.

  • Capability Building: Gamma Force filled capability gaps by supporting strategic planning and executing core processes like risk assessments and vendor evaluations. They provided training and resources to build internal capabilities, empowering Enlace Health’s team to manage security tasks independently over time.

  • Focused Execution: Post-strategy phase, Gamma Force shifted to execution, supporting third-party vendor risk management, conducting penetration tests, facilitating HITRUST audit readiness, establishing a GRC tool, and responding to the Log4j incident. They ensured recurring activities were performed appropriately and provided additional bandwidth under the security leader’s direction.

  • Efficient Incident Response: During the Log4j vulnerability, Gamma Force performed real-time patch testing, modified firewall rules to counter new exploit methods, addressed JNDI lookup obfuscations, and validated patch effectiveness through targeted exploitation attempts.

Impact

Gamma Force’s involvement significantly enhanced Enlace Health’s cybersecurity capabilities and overall security posture.

  • Enhanced Security Strategy and Execution: Enlace Health gained a well-defined cybersecurity strategy aligned with business objectives, prioritized capabilities, efficient resource allocation, continuous support, and an enhanced security posture, resulting in improved protection and compliance.

  • Improved Risk Management and Compliance: Gamma Force executed thorough risk assessments, deployed rigorous third-party vendor risk protocols, streamlined HITRUST and HIPAA compliance, and implemented automated security controls for continuous monitoring and rapid incident response.

  • Effective Incident Management: Gamma Force’s critical support during the Log4j vulnerability ensured robust protection, demonstrating their expertise in incident management and response.

  • Successful Hiring of Full-Time Security Leader: Assistance in selecting and hiring a full-time security leader further strengthened Enlace Health’s internal security leadership.

  • Ongoing and Adaptable Support: With renewal, Gamma Force refocused on execution, including third-party vendor risk management, automating in the GRC tool, right-sizing the security program, and helping with audit readiness and coordination. This ongoing support provides Enlace Health with a dynamic and responsive security program, adaptable to new threats, regulatory requirements, and organizational changes, ultimately leading to a stronger security posture and better compliance.

Interview with Steve Vandenberg, the VP of Information Security and Technology Operations at Enlace Health

Warner Moore: Today, we’re meeting with Steve Vandenberg, the VP of Information Security and Technology Operations at Enlace Health. He’s going to share some of his experiences working with us here at Gamma Force. We’ve been working at Enlace Health for multiple years, initially helping with their cybersecurity strategy, and later with execution through third-party vendor risk management and preparing for their HITRUST audit. 

Steve, can you share more about your role, your background, your organization, or anything else you’d like to share with us?

Steve Vandenberg: I’d say the significance of security is greatly emphasized at Enlace Health due to the nature of our business being health-centric, developing solutions and services to drive value-based care, and now with a focus on the specialty area. During my time at Enlace Health, we’ve focused on maturing and adding capabilities to our security program. Gamma Force has helped us in two ways: guiding the direction and prioritizing needed capabilities, and filling capability gaps or enhancing certain capabilities, particularly in third-party risk management.

Warner Moore: Healthtech security and privacy, especially with HIPAA, is often non-negotiable. I don’t know about you, but I’ve yet to meet a CISO or security leader who has enough folks on their team, regardless of the company’s size. 

We had been working with Enlace Health before you joined. How did we help you in your role and contribute to your success?

Steve Vandenberg: The presence of Gamma Force accelerated my ability to understand different parts of the company, assess maturity in areas like application security and third-party security, and execute on the strategic vision more quickly. Your partnership and prior knowledge were tremendously valuable, helping to identify where Gamma Force could fit in best. The flexibility and experience of Gamma Force made a significant difference in our relationship, enabling us to add capabilities and maturity to our security program.

Warner Moore: One of our company values is putting people first, both our team and our clients. We operate more like a tech company than a professional services company. 

Can you talk about the types of team members who have worked with you and in what capacities?

Steve Vandenberg: There’s been a lot of variety, which is why our partnership has lasted so long. From strategic guidance to execution and assistance in core security processes, your team has been involved in risk assessments, vendor vetting, and ensuring efficient processes without duplicating work. Gamma Force has helped us meet time expectations for reviewing and approving vendors without sacrificing quality.

Warner Moore: It’s important to empower our colleagues in the business. 

Can you talk more about the impact we’ve had on your organization through your experience working with us?

Steve Vandenberg: The biggest impact has been twofold: enabling success with our HITRUST engagements, which is crucial for revenue generation, and assisting with incident response, such as during the Log4j vulnerability. Your team, especially Zach, has been instrumental in testing fixes, patching, and ensuring we were no longer exposed to vulnerabilities. Gamma Force has greatly impacted both our revenue generation and protection.

Warner Moore: It’s really about figuring out what needs to be done and doing it effectively. 

Is there anything else you’d like to share about yourself, your company, or your experience working with us?

Steve Vandenberg: I’d like to mention Virgil and Nate, who have also made a significant impact at Enlace. Gamma Force has a wide range of talent, bringing in knowledgeable and hardworking folks who have made a positive difference. I’m definitely a fan of your team.

Warner Moore: We believe people are the competitive advantage in any company. Our mission is to enable cybersecurity to be more strategic and drive value to the business. We’re grateful to be working with you.

Your consent is required to display this content from vimeo - Privacy Settings

Where are you with your compliance management? We’d love to hear from you. Schedule a free consultation to learn how we can help evolve your capabilities.

complianceSoftware engineertechnology

Leave a Reply

Your email address will not be published. Required fields are marked *
Next
Securing Atropos Health’s Transition to Commercial Success
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound
Save