Kivu is a nationally recognized cyber security leader for the healthcare industry.
Kivu has a depth of practical experience providing pre-emptive risk assessments for and responding to cyber incidents among healthcare organizations and their business associates. We have provided the forensic analysis in dozens of healthcare data breaches, including some of the largest in the US. Our healthcare cases have ranged from major hospital breaches, which made national headlines, to inadvertent disclosure of sensitive data by small business associates.
Kivu works with covered entities and business associates to determine if a breach has occurred, identify the source or vector of the attack, and determine the extent of potentially compromised data. In many cases, Kivu’s forensic analysis has proven that Personal Health Information (PHI) was not compromised, or that the amount of PHI affected was significantly less than feared. In such cases, our clients have avoided unnecessary notification costs and public relations damage.
We are experienced with the unique technical and legal challenges of the healthcare industry
Our clients span the healthcare ecosystem, including: large hospitals, specialty medical practices, third party billing providers, online/Cloud/SAAS business associates, non-profits, pharmaceutical companies, and research institutions. Our analysts are experienced with the technology most likely to be the center of healthcare data incidents, such as: electronic patient record systems, niche patient tracking systems, and data storage systems, often connected to medical and diagnostic devices.
Kivu is experienced with the unique technical, and legal challenges facing HIPAA covered entities. We have successfully investigated different causes of lost or stolen PHI, including laptop theft, improper subcontractor data handling, network hacking, and employee misconduct.
HIPAA risk assessment services
Kivu can conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI. Once the risk analysis is complete, Kivu will guide the covered entity in carrying out “reasonable and appropriate” steps to reduce identified risks to reasonable and appropriate levels.