The confidentiality, integrity and availability of Pediatrix information systems and data are critical to its business. Electronic clinical information systems play a significant role in the company’s operations.
Pediatrix takes extensive steps to protect the security of these systems and the data contained within them. It continually tests the suitability of its security and disaster-recovery measures and has implemented administrative, technical and physical safeguards within its systems and employed processes to help prevent unauthorized access.
The company follows industry-leading security frameworks such as the National Institute of Standards and Technology Cybersecurity Framework, which provide best practices to prevent, detect and respond to cyberattacks.
As part of its modern information security program, Pediatrix continually monitors, evaluates and tests the tactics, tools, techniques and processes used by threat actors to adequately prepare and provide a trusted environment for its patients, clinicians, associates and other stakeholders.
The external risk-assessment process includes:
- Information-security reviews.
- Penetration tests.
- Continuous internet perimeter vulnerability scanning and evaluation.
- Industry and expert security collaboration on current and emerging threats.
- Incident-response exercises.
The company practices resilience on a routine basis through:
- Conducting incident response plan, disaster recovery and business continuity exercises.
- Penetration tests and risk assessments performed by external parties.
- Continual security-awareness training for all associates and board members, including quarterly email-phishing exercises.
- Continual advancements of tools and techniques that focus on vulnerability threat intelligence, discovery and patching to protect and defend the environment.
- Regular reports to the Board of Directors on the company’s information security, which occur bi-annually.