Daniel Marcellus, President & CEO, SkyPort IT, Inc.
It’s action time and Daniel Marcellus, President and CEO of the holistic IT and managed data security services provider, SkyPort IT, appoints one of his personnel to secretly inspect how one of their clients from the healthcare industry handles the social engineering situation. In the covert test, the appointee calls up the client and says, “Hello, I am Jimmy, working across the street and our computers are down. Could you tell me who you usually contact for immediate IT assistance?” The employee on the other end mutters, “We have SkyPort IT as our IT partner and…” As the employee reveals the name of their IT vendor on the phone without verifying the caller’s identity, trouble soon knocks the door. The appointee creates a logo and badge that mimic SkyPort IT’s branding and uses it to get past four departments in the client location, getting hold of login credentials for various proprietary assets at every stage, and eventually gaining access to PHI information. This entire episode was recorded by the appointee that was later edited to train the client’s workforce to deal with social engineering scenarios.
SkyPort IT dons many roles for different healthcare organizations that do not have a C-level executive for technology and security management. “We are our clients’ CIO and CTO. We also offer HIPAA Privacy Security Officers entrusted for the ongoing management of information security policies, procedures, and technical systems,” says Marcellus. Unlike other IT vendors who fail to abide by the HIPAA regulations and have a single-layered approach to security, SkyPort IT addresses both the security and compliance challenges by marrying IT and HIPAA.
SkyPort IT will process and filter every communications at multiple layers for viruses, spam, and spoofing on behalf of its clients
In today’s healthcare industry, there is a growing gap between the IT and HIPAA because the decision makers at the healthcare organizations treat these two topics as disconnected ‘black boxes.’ As the available security solutions in the market aren’t foolproof, the organizations need more than one security layer and a robust filtering process to fortify their IT infrastructure. Taking a multi-layered approach to IT and information security, SkyPort IT pre-processes and filters every e-mail and web content at multiple layers at multiple layers for viruses, spam, and spoofing on behalf of its clients (since most organizations use email for communication). SkyPort IT’s web-based HIPAA portal covers the whole spectrum ranging from policies to procedures through risk assessment. The portal not just processes the paperwork but also offers templates, helping clients provide comprehensive HIPAA training to their employees. Team SkyPort IT then performs a HIPAA audit by scanning the systems. On receipt of the summary report, the client can have complete visibility into their compliance performance. In the event of a risk, SkyPort IT steps in immediately with a fix.
SkyPort IT offers managed security services to close any gaps found in the audit. The intent is to help the client provide the evidence of having done the due diligence every time an auditor walks in. Typically, once the auditors are done with their auditing and finding deficiencies, they give a score on that audit. In the following year, SkyPort IT does another audit to check the current status and suggests measures to improve the score. Showing improvement over time is ideal in an audit situation.
SkyPort IT continues to innovate its products and offerings, helping healthcare organizations to overcome the limitations in meeting IT, security, and HIPAA compliance requirements. Marcellus concludes, “Continuing on our efforts, we are expanding social engineering training, auditing and security solutions to stay ahead of the bad guys.”