The integrity and security of Pediatrix information systems and data are critical to its business. Electronic clinical information systems play a significant role in the company’s operations.
Pediatrix takes extensive steps to protect the security of these systems and the data contained within them. It continually tests the suitability of its security and disaster-recovery measures and has implemented administrative, technical and physical safeguards within its systems and employed processes to help prevent unauthorized access.
The company follows the National Institute of Standards and Technology cybersecurity framework, which provides best practices to prevent, detect and respond to cyberattacks.
As part of its modern information security program, Pediatrix continually monitors, evaluates and tests the tactics, tools, techniques and processes used by threat actors to adequately prepare and provide a trusted environment for its patients, clinicians, associates and other stakeholders.
The external risk-assessment process includes:
- Information-security reviews.
- Penetration tests.
- Continuous internet perimeter vulnerability scanning and evaluation.
- Industry and expert security collaboration on current and emerging threats.
- Incident-response exercises.
The company practices resilience on a routine basis through:
- An annual incident-response-plan exercise.
- Disaster-recovery exercises.
- Corporate business-continuity exercises.
- Penetration tests and risk assessments performed by external parties.
- Continual security-awareness training for all associates and board members, including quarterly email-phishing exercises.
- Continual advancements of tools and techniques that focus on vulnerability threat intelligence, discovery and patching to protect and defend the environment.
- Regular reports to the board of directors on the company’s information security, which occur at least annually.