Client background
The Guthrie Clinic is a non-profit, multi-specialty health system that integrates clinical and hospital care with research and education. The organization operates six hospital campuses and a network of outpatient facilities across Pennsylvania and New York, employing approximately 10,000 individuals. As part of its commitment to data security and compliance, The Guthrie Clinic engaged Baker Tilly to achieve the HITRUST e1 certification, thereby ensuring alignment with industry-leading cybersecurity standards.
The business challenge
With the increasing frequency of cyber threats targeting hospitals and healthcare systems, The Guthrie Clinic recognized the need to strengthen its cybersecurity framework. Two primary drivers led to the engagement with Baker Tilly:
- New York State’s stringent cybersecurity requirements for hospitals and health systems necessitated compliance with enhanced security protocols. These requirements aim to protect sensitive patient data, mitigate cybersecurity threats, and ensure healthcare organizations implement strong risk management and incident response measures.
- Guthrie’s mission to remain a best-in-class primary and specialty care provider required a robust and integrated approach to cybersecurity.
By partnering with Baker Tilly, The Guthrie Clinic sought to establish a secure foundation that aligns with regulatory expectations and enhances its overall security posture.
Strategy and solution
Baker Tilly provided specialized guidance to help Guthrie navigate the HITRUST e1 certification process. Our initiatives were to:
- Conduct a comprehensive HITRUST e1 readiness assessment to evaluate existing cybersecurity controls and identify gaps.
- Increase internal awareness and visibility of cybersecurity concerns, fostering a culture of vigilance and accountability within the organization.
Business impact
Since Guthrie’s collaboration with Baker Tilly, the clinic has:
- Enhanced compliance with New York State’s cybersecurity mandates, ensuring alignment with regulatory requirements.
- Improved cybersecurity governance through structured assessments and through proactive risk management built on an internal control reporting process. This has allowed Guthrie to allocate more resources towards problematic control areas.
- Strengthened its resilience against cyber threats by embedding leading practices into daily operations.
- Fostered greater executive and employee engagement in cybersecurity initiatives, driving a cultural shift towards heightened security awareness.
"Working with Baker Tilly has been transformative for our organization. Their expertise and proactive approach streamlined our journey to achieving HITRUST certification, ensuring we met every requirement efficiently and effectively. The team's professionalism and dedication to our success were truly unparalleled."
Tamara Lauterbach | Cybersecurity Manager | The Guthrie Clinic
Next steps - Baker Tilly and The Guthrie Clinic's continued collaboration
Next, Baker Tilly will proceed with validating Guthrie’s e1 controls to ensure they meet certification objectives. This includes conducting walkthroughs, gathering evidence and submitting the final assessment to HITRUST for certification approval.
The Guthrie Clinic's HITRUST journey with Baker Tilly
Baker Tilly and The Guthrie Clinic sat down to discuss the importance of HITRUST certification in enhancing cybersecurity for healthcare organizations. Achieving HITRUST certification helps healthcare providers protect sensitive patient data, comply with regulatory requirements and build trust with patients and partners.
Learn more about The Guthrie Clinic's journey with Baker Tilly and the role HITRUST plays in streamlining compliance efforts and improving overall security posture.