Addressing the Cybersecurity Risks of Consumer Centricity Through the HITRUST CSF

Some call it “practicing what you preach.” Others say you should “eat your own dog food.”

No matter the moniker, SDLC Partners saw the “writing on the wall” as consumer-centric digital technologies reached further into everyday life and their nationally renowned health care clients wanted to engage consumers in the new digital age. The journey of digital transformation that SDLC Partners guides its clients through revealed an untoward effect — exposure to exponentially more cybersecurity breaches.

SDLC Partners addressed this need as a legal entity, for themselves and for their clients, by creating their own cybersecurity firm — CyLumena — and achieving HITRUST CSF certification, the gold standard of health care data security frameworks.

“Digital transformation is key to our healthcare clients. It’s fuel for engagement and value-based care, but also rife with heightened and serious security risks that CyLumena was created to address,” says Scott Barnyak, SDLC Partners’ co-founder and chief marketing officer.

SDLC Partners’ HITRUST CSF certification effort was led by Denis Skorskiy, Information Security Engineer and Certified CSF Practitioner, and John Vorchak, CISO. According to Skorskiy, “Guiding SDLC Partners through the HITRUST CSF certification has improved how we see risk management for ourselves and for our clients.”

“SDLC Partners pursued HITRUST certification as the most comprehensive and scalable approach to health care data security available today. It’s critical to the health and success of their clients, and it’s fundamental to the nature of our service,” stated Carl Kriebel, Managing Director of CyLumena, wholly owned by SDLC Partners.

Together, SDLC Partners and CyLumena work to ensure that any system that touches patient data is hardened. Mr. Barnyak continues, “It’s our responsibility as business associates to our health care clients, but also, for our clients to offer that level of confidence and security to the patients and members they serve in Pittsburgh and beyond.”

Mr. Kriebel highlights one of the blind spots most healthcare organizations have and the key reason for SDLC Partners to pursue HITRUST CSF certification. “Most health care organizations don’t thoroughly know which of their systems touch which types of patient/member data. You can’t protect what you can’t see.”

CyLumena advocates a comprehensive approach, incorporating control requirements outlined in leading frameworks such as the HITRUST CSF, to ensure a full, end-to-end view of systems, data and connections. Kriebel suggests that clients start with a formal entity assessment to inventory all systems and potential data exposure points, and then instill a more robust risk assessment and mitigation model to reduce those exposure points and vulnerabilities.

Kriebel explains, “It’s a common HIPAA offense when health care organizations unwittingly create data privacy leaks during software development, IT projects and implementations.”

Scott Barnyak provides a caution: “The best way to digitally transform in health care is to have an equal eye towards data security and our responsibility to patients and members. We believe that our HITRUST CSF certification and the rigor of the controls that it espouses give health care the best opportunity for more secure transformation and consumer engagement.”

By Susan Harkema