With threats such as ransomware, viruses and spear phishing becoming all-too-frequent —and as the average cost of a data breach reaches millions of dollars per incident—your approach to cybersecurity must be thorough, enterprise-wide and ever vigilant.
Advanced Discovery’s team of certified cybersecurity and data privacy experts provides a full range of services to audit, optimize and continuously protect your organization’s data. In addition to your core IT operation, we also assess and protect you in the newest and fastest-growing risk areas, including the Internet of Things (IoT), Bring Your Own Device (BYOD) policies and management and Remote Workforces.
With decades of experience in information security, hardware and software development and networking, Advanced Discovery’s forensic and technology experts will deliver a complete analysis and recommendations based on your current cybersecurity posture. Our team:
Our audit report provides you with an actionable, step-by-step playbook that ensures maximum protection and prevention. Important security concerns will be addressed in technical, administrative and procedural areas, including whether computer systems are adequately protected; proper security controls are in place; and whether additional security measures are necessary. The reports demonstrate to key stakeholders—including boards of directors—that appropriate care is being taken to ensure the company’s assets and reputation are safeguarded, and provide critical insight into areas requiring attention.
In the event of a cybersecurity incident such as a ransomware attack or computer virus, Advanced Discovery’s expert first responders react immediately—either virtually or on-site as required– to:
Specific determinations include:
Once the matter is well in hand, we help identify vulnerabilities and offer strategies for long-term remediation—and also assess your notification requirements in order to develop and implement an appropriate notification response.
By thinking and acting like hackers, Advanced Discovery’s experts identify vulnerabilities in web applications and services, wireless networks and networked systems–then report our findings in an accessible, readable format, including recommended security countermeasures to reduce or eliminate risk.
We can also assess the security of new systems and technologies and assist you in identifying compliance issues that may compromise your overall security posture.
Keeping and storing outdated data—including customer, employee or patient information—is a proven liability for organizations of all sizes. That’s why an effective Information Governance plan must include data destruction policies and processes to ensure proper disposal of decommissioned or unnecessary devices and information.
Advanced Discovery’s experts provide on-site or off-site analysis, consultation and recommendations regarding best practices, including the most cost effective methods of destruction. We also perform physical and virtual data destruction in accordance with applicable regulations and standards. Certificates of Destruction can also be provided at the conclusion of the engagement.
According to regulations in various industries and jurisdictions, companies may only provide customer (or patient) data to third parties after it has been de-identified to ensure anonymity of individuals.
Advanced Discovery’s Data De-identification experts provide on-site or off-site de-identification services, including:
Cybersecurity Case Study
A health care company’s corporate network was subject to a ransomware attack. All of their corporate data and medical records, including patients’ personal health information (PHI) were encrypted. The hackers threated to destroy all information unless a significant amount of money was transferred. The company was referred to Advanced Discovery by their insurance company; as part of their cyber insurance policy – and because of their HIPAA compliance requirements – the company had to determine if there had been any data loss due to malicious exfiltration, or the unauthorized transfer of data from their network as part of the ransomware attack.
Advanced Discovery was engaged to determine if and to what extent there was a data breach containing PHI that would have to be reported to the Office of Civil Rights as part of their HIPAA compliance obligations. The expert would need to determine:
An Advanced Discovery data forensic specialist went to the client’s data center facility to take forensic images of the computer equipment involved in the ransomware attack, including log files of the client’s firewall, electronic medical records (EMR) and other relevant systems.
The specialist, along with additional experts from the data incident response team, identified and isolated the ransomware program. The team then analyzed the program in a secured environment by replicating the “hack” in order to determine if the software included exfiltration commands to transfer data outside of the client’s systems.
Within 2 days, the client was able to report to their insurance company and counsel, with defensible data, that there was no evidence of exfiltration—and therefore, the ransomware attack did not constitute a breach of HIPAA compliance standards. Advanced Discovery also provided a client-specific playbook on how to improve cybersecurity protocols based on their experience in working within their IT infrastructure.
Cybersecurity and Privacy Expert
David Grant is Advanced Discovery’s Director of Privacy, providing guidance on the proper collection, maintenance and disposal of PII and PHI. He has managed the international transfer of data in accordance with applicable regulations, and has ensured compliance with current privacy standards for both U.S. and European entities. David is a former prosecutor, criminal investigator and civil trial attorney.
+1 877 839 9986