Case Study: Enhancing Electronic Health Record Cybersecurity Across the Defense Health Marketplace

Subject: Marketplace Cyber Support

The Challenge:

The client is overhauling the Air Force, Army, and Navy Military Treatment Facilities (MTF) into one DHA enterprise. This effort involved a massive transition of legacy Navy, Air Force, and Army networks, infrastructure, medical devices and applications to one standardized Medical Community of Interest (MedCOI).  Adding to this massive reorganization and transition to new network is the rollout of MHS Genesis, a multi-billion dollar update to the MHS’ legacy Electronic Health Record (EHR) solution.

Together, these efforts bring major updates to desktops, infrastructure, security services, and Information Technology (IT) service delivery. Via centralization, the client hopes to significantly improve the security portability and accessibility of service member and dependents’ medical records and health information. The sheer scale of this endeavor requires harmony between Enterprise and local cyber resources, processes, and capabilities. Meanwhile, personnel onsite are often overburdened with enterprise imposed requirements and to provide local site support for healthcare.

The Solution:

Sentar established a distributed Risk Management Framework (RMF) and cybersecurity team called the Marketplace Cyber team, to support a global environment and ease the overall cyber burden at facilities. Each team consists of System Security Analyst (SSA) and Information Systems Security Managers (ISSM) with a team administrator. There are several fundamental goals to this approach.  First, teams are designed to build business knowledge to identify and utilize “best of breed” processes from one service-line to the next. Next, dispersal of teams to each of several regions affords rapid response to issues at facilities in real-time. Finally, the Marketplace Cyber team employs a “one-team” culture, which allows the team use and share the same processes, infrastructure privileges, and to share common work characteristics.

The Mission Impact:

•     Maximized Enterprise Productivity:

In total, the team has accelerated work on 165 cyber authorizations, ceasing the downward spiral of unauthorized systems. Moreover, through streamlined business processes, the team is capturing risk data for 40 sites on the new network environment in real-time.

•     Enhanced Strategy Development:

The team’s widespread visibility into sites across the enterprise has proven useful in strategy development based on the ability to rapidly disperse messages, collect data, and make informed decisions.

Share This Post

Stay up to date with the latest news.