Apollo Hospitals Bolsters its Enterprise-Wide Cybersecurity Risk and Compliance Management with SAFE

“As a healthcare enterprise, people are trusting us with their most personal information. Therefore, it’s of paramount importance to us to protect PHI / PII and ensure that we continue to live up to that trust vested in us. SAFE Enterprise goes a long way in helping us do that through its quantified, trending view of breach likelihood of my critical assets and its rigorous compliance management.”
Arvind Sivaramakrishnan
CIO, Apollo Hospitals Enterprises Limited

Challenges

01. Lack of a real-time, quantified view of risk posture and breach likelihood for critical components of Apollo’s infrastructure, especially the critical assets that store PHI data.
02. Absence of a centralized platform measuring the organization’s adherence to globally recognized compliance and regulatory frameworks in real time.

Securing patient, customer and organizational data is one of the top priorities for healthcare organisations. In addition to the high price offered for patient records in underground marketplaces, the rapidly increasing attack surface provides a great impetus for threat actors to attack the healthcare industry. With Apollo Hospitals having touched the lives of over 45 million patients across 121 countries and 70 hospitals, it was critical for Apollo Hospitals Enterprises’ CIO, Arvind Sivaramakrishnan, to ensure protection of millions of PHI records and the clinical repository of patients.

Additionally, in Asia, Apollo Hospitals have been the frontrunners in leveraging technology to build integrated healthcare delivery systems. Spanning across intelligent medical equipment, integration of Electronic Medical Records, and Hospital Information Systems, they have left no stone unturned in utilising technology to ensure enhanced access to medical care, improved convenience, and improved patient care.

However, the rapid adoption of emerging technology such as Artificial Intelligence / Machine Learning and cloud-based software brings with it new vulnerabilities that can threaten security and compliance for the healthcare industry. Thus, compliance and regulatory frameworks, which are typically enacted to protect systems and sensitive data, are adding to the complexity of security challenges. This is further compounded by the rising number of targeted cyber attacks against healthcare organisations.

Apollo Hospitals Enterprises Limited is a multi-location, multi-regional enterprise organisation comprising 45,000 employees.
Given the industry they are in, Apollo Hospitals’ IT operations and security team has been shouldering the responsibility of ensuring that the organization is working on the principles of security. At the same time, they needed to ensure that these security principles reasonably adhere to the compliance standards and best practices set forth for their industry.

With patients arriving for treatment from over 121 countries, it's crucial for them to adhere to the security best practices laid out by internationally recognised cyber security standards and guidelines.
Solution
To effectively deal with these most pressing challenges, Arvind brought in SAFE - an enterprise-wide, unified, and real-time Cybersecurity & Digital Business Risk Quantification platform for his organization’s hybrid environment.
Arvind’s decision to bring SAFE into Apollo Hospitals’ environment has brought about (and continues to bring) the transformation he and his team have long been striving to achieve. SAFE helped the organization with the following unique capabilities:

Continuous Compliance Management

SAFE helps Apollo Hospitals to keep pace with information technology, industry influences and the latest threats to systems and data. SAFE enables the organization to face multiple moving targets for managing controls and meeting requirements. With SAFE, Apollo Hospitals can continuously track and report their adherence to globally recognized industry-specific compliance standards on a centralized platform and smartly manage overlapping compliances.

Arvind needed a solution that would provide him a framework for executing and realising his end outcomes associated with building a more robust enterprise cyber security posture. SAFE serves as that solution for him. This framework has been available, since time immemorial, in literature. Security guidelines and standards such as those of ISO, NIST and HIPAA have been around for years. However, with its unique positioning, SAFE has successfully brought these compliance and regulatory frameworks together under one platform that seamlessly plugs into Apollo’s enterprise-class information technology.

Cyber Risk Quantification

SAFE aids Arvind in quantifying the security challenges he encounters as part of enterprise risk management in a manageable way, and provides him a directional approach to solving them. This implies that his team now has the ability to start measuring the risk posture and breach likelihood of critical components of their infrastructure, be it endpoints or databases, as well as to quantify employees’ cyber risk, all on a single platform. Once the risks are identified and quantified, his team can then decide whether they’d like to accept the risk or proceed with taking the desired remediation steps to address that risk.

Prioritise investments as part of technology roadmap

SAFE helps Arvind’s team to take critical decisions when it comes to prioritising the security investments as part of the organization’s technology roadmap. The quantified breach likelihood and risk scores help them decide which of the legacy technologies have to be replaced, and which assets have to be necessarily retired at each phase of the technology roadmap, depending upon the risk they pose to the security of the organization.

About Apollo Hospital

Founded in 1983, Apollo Hospitals Group has been instrumental in bringing about the private healthcare revolution in India. With 70 hospitals across various cities in South Asia and the Middle East, this organization has treated over 45 million patients across 121 countries.

Industry
Healthcare

IT Environment
45,000+ employees; highly regulated

Benefits of SAFE Enterprise

  • Risk Quantification through breach-likelihood (SAFE score) per critical asset storing PHI, PII
  • Risk Quantification through breach-likelihood (SAFE score) per business unit
  • Risk Quantification through breach-likelihood (SAFE score) per asset across each vertical
  • Asset categorization as per Business Criticality
  • Everything on one dashboard (single source of truth) accessible by team members across various locations
  • Continuous Compliance Management
