A CIO’s Approach to Continuous Improvement and Maturity

Illinois-based Silver Cross Hospital takes patient safety and privacy to heart in its three-pronged approach to security rooted in governance, best practices, and corrective action plans. Balancing these three critical priorities can prove challenging for any CIO, especially when there is constant change in the business, technology, and threat landscapes.

After getting a fresh perspective from a prominent healthcare firm, Silver Cross wanted to update its risk, security, and governance program in alignment with constantly changing business, industry, and cyber insurance requirements. They decided to move forward with Burwood Group’s vCISO services, as the methodology, flexibility, and receptiveness to feedback made Burwood the best fit.

Accelerating Security Maturity in Governance and Risk Management

Keeping current with trends, methodologies, and technologies has enabled Silver Cross to successfully treat patients with the best care possible for over 125 years. The hospital embodies this core value as part of its security and risk management program. Silver Cross Hospital recognized that it was time to update the program to better prepare for the future of business in a technology-enabled environment facing increased cyber threats. Silver Cross needed a partner well-versed in the latest developments in security and the healthcare sector overall. After a deep vetting process, they chose Burwood Group.

After gaining a thorough understanding, Burwood Group customized Silver Cross Hospital’s approach, which helped guide the modernization of the existing governance program. Burwood Group helped to reframe the “why” while bringing a wide lens on governance throughout the entire organization, which activated deeper engagement with all the hospital’s governance stakeholders.

Burwood Group’s 25 years of direct experience in the healthcare sector contributed to the streamlining of Silver Cross Hospital’s processes, which helped accelerate the program’s deliverables:

• Crucial updates to essential governance requirements

• Optimizations in policies and compliance requirements

• Creation of a well-informed corrective action plan

Balancing Priorities with a Three-Pronged Approach

Silver Cross sought expert advice through Burwood Group’s Virtual CISO (vCISO) service to help refine its existing policies. Burwood Group seamlessly transitioned into the program, tapping into its vast experience in the healthcare sector, which gave the team the ability to meet the initial program requirements while providing additional hands-on guidance to better align the program with the hospital’s three-pronged approach:

  1. Compliance readiness: Burwood Group helped identify the business risks and what must be protected in the environment.

  2. Cyber insurance preparedness: Burwood Group assisted in identifying gaps in policies and got buy-in from all stakeholders.

  3. Corrective action plan effectiveness: Burwood Group collaborated with the IT organization to examine and refresh the corrective action plan.

While Burwood Group brought decades of collective experience and expertise to the engagement, the team at Silver Cross Hospital valued Burwood Group’s openness to collaboration and flexibility in communication, change, and modifications to effortlessly integrate with the hospital’s unique culture.

Technical Governance Evaluation Drives Results

Burwood Group went beyond the core advisory service to provide additional value in technical consulting. For example, a detailed tabletop exercise was conducted to assess Silver Cross’ cybersecurity posture and disaster recovery preparedness. This exercise helped inform the governance and remediation strategy, accelerating the governance program’s plan and implementation.

“Meeting cyber insurance requirements can be challenging as they must be balanced with industry standards, best practices, and a CAP based on security, risk, and compliance assessments. Burwood Group helped us cover all three without forcing us to sacrifice priority or quality in any part of our three-pronged approach.”
— Teresa Andrea, Vice President and Chief Information Officer, Silver Cross Hospital

The Value of Burwood Group’s Team and Services

  • Burwood Group’s team makeup and expertise in healthcare provided crucial sector-specific insights.

  • Burwood Group provides Silver Cross Hospital with detailed benchmarking across cybersecurity, risk management, and compliance, providing an unbiased, more complete view to supplement those offered by the cyber insurance sector.

  • Silver Cross Hospital can focus on delivering advanced patient care and an unrivaled healthcare experience without compromising security or compliance.

Informed Action Plans Define the Future

Tabletop exercises led by Burwood Group were thorough and provided clear takeaways, which Silver Cross Hospital leveraged to take the program even further. By analyzing and enriching existing annual goals, Silver Cross Hospital has a clear plan and can take action on its security maturity requirements for many years.

Beyond cybersecurity and risk, Burwood Group has deep experience in a broad range of IT and business operations and remains a regular source of expert advice across many of the hospital’s technology-enabled programs.



About Silver Cross Hospital

  • Original hospital opened 1895

  • 130-acre campus opened 2012

  • 2,900 employees

  • 900 physicians

  • 700 volunteers

  • 2021 saw over a quarter million patients

“Burwood Group brings a collaborative, consultative approach to cybersecurity and beyond, helping me make better-informed decisions as a CIO.”
— Teresa Andrea, Vice President and Chief Information Officer, Silver Cross Hospital