The Client Challenge

As New England-based Southcoast Health expanded from a hospital to health system, leadership identified the need to perform a cybersecurity readiness assessment before developing new business models that could increase their risk exposure.

Top Cybersecurity Threats to Healthcare:
  • Phishing
  • Ransomware
  • Third-party risks
  • Medical device security
  • Insider threats

Navigating to Next: The Solution

Southcoast Health is a not-for-profit, community-based health system with multiple access points, offering an integrated continuum of health services throughout southeastern Massachusetts and Rhode Island. The Chartis Group partnered with Southcoast to conduct an IT strategy refresh and cyber risk assessment to prepare Southcoast for continued business transformation. 

Chartis supported this effort by including an assessment that considered current threats and related cybersecurity capabilities, given the desire to expand digital strategies. The assessment also evaluated capabilities of the current security program while focusing on cyber threats in the healthcare sector.

Additional areas of focus were key programs and governance relating to: 
  • Medical Device Security
  • Risk and Compliance
  • Vendor Risk Management

Southcoast had performed a separate enterprise-wide risk assessment, which further validated the cybersecurity risks.

Navigating to Next: Key Components

Cyber Security


Reframe and confirm the organization’s business strategy

Cyber Security


Evaluate current threats, capabilities, and risk treatment recommendations

Cyber Security


Align plan to address gaps and enhance capabilities to enable business strategies

Cyber Security


Ensure implementation plan and deliverables address stated objectives

Cyber Security


Perform ongoing monitoring, maintenance, and optimization of cybersecurity hygiene

Client Impact

As an output of the security assessment, Southcoast quickly demonstrated significant enhancements to its cybersecurity program, including vendor risk management (from pre-contract to partnership decisions with ongoing monitoring), maturity improvements with network security, and enhanced 24/7/365 support and monitoring. 

Southcoast also greatly enhanced visibility into the cybersecurity program and its overall alignment to the business. This was made possible by implementation of stronger governance, heightened incident response preparedness, improved business impact analysis/business continuity planning, and matured processes around third-party evaluations. Senior leadership is now well positioned to better understand how well the program is supporting key business strategies while reducing overall risk.

Southcoast Health is a not-for-profit, community-based health system with multiple access points, offering health services throughout southeastern Massachusetts and Rhode Island:
More Than

service locations across Southeastern Massachusetts, including 3 acute hospitals




medical staff

How We Are Making Healthcare Better

Business transformation doesn’t happen without trust. And strengthening cybersecurity measures enables the trust foundation for investment and innovation. ”

Jim Feen

Next Intelligence

Maturing cybersecurity measures beyond technical controls can enable business strategies:
  • Integrating cybersecurity and business priorities can enable effective outcomes of business strategies
  • Regular engagement with senior leaders and key stakeholders ensures appropriate support
  • Utilizing industry-accepted frameworks can provide the building blocks for establishing and monitoring an effective security program

Related Insights

Contact us

Get in touch

Let us know how we can help you advance healthcare.

Contact Our Team
About Us

About Chartis

We help clients navigate the future of care delivery.

About Us