Case Study

The NIH CIT Remediates Critical Public-Facing Cybersecurity Vulnerabilities

Guidehouse collaborated with the National Institutes of Health’s Center for Information Technology to remediate high-risk cybersecurity vulnerabilities and increase configuration management compliance.

Challenge

The National Institutes of Health (NIH) is a complex organization with 27 Institutes and Centers continuously working to advance and enhance biomedical research. Its Center for Information Technology (CIT) provides and secures enterprise IT services and infrastructure for the NIH.

Guidehouse has helped the NIH advance its critical and complex mission for more than a decade. When the CIT needed help developing and implementing a new Information Security Program, Guidehouse supported the program with nearly every aspect of security operations.

 

Solution

In 2019, the NIH awarded Guidehouse a one-year project to support the CIT in creating a proactive and strategic cybersecurity risk management program.¹ This project includes improving vulnerability management, configuration management, asset management, incident response, and risk management.

Guidehouse works with CIT teams to understand and document their current state; identify and analyze gaps and redundancies; and develop and implement standardized enterprisewide tools and processes to help the CIT achieve a more integrated approach to cybersecurity.

Supporting the program’s incident response capabilities, Guidehouse also helps CIT leaders respond to incidents, train CIT personnel on NIH’s incident response tool, and run multiple tabletop exercises to practice what they’ve learned and identify areas for continuous improvement.

 

Impact

  • Remediated overdue critical public-facing and high-risk vulnerabilities in less than six months
  • Developed a phased approach for testing and deploying configuration settings, increasing configuration management compliance
  • Supported the CIT in reaching its goal of becoming a proactive security organization and resource for all of NIH

Guidehouse has since been awarded an additional three years to continue work with the NIH to support the CIT’s cybersecurity strategy.

Ranked the third largest healthcare IT consulting firm in 2023 by Modern Healthcare, Guidehouse has delivered cybersecurity solutions to commercial and public sector organizations, including the Centers for Medicare & Medicaid Services, the Centers for Disease Control and Prevention, Anthem, and multiple healthcare providers. Our team includes experts formerly responsible for protecting U.S. national security systems against cyberthreats.

 


____________________________________________________________________________________________________

¹ https://health.g2xchange.com/guidehouse-picks-up-30m-in-it-and-digital-strategy-support-task-wins-at-nih/

