Halifax Regional
Case Study

Halifax Regional’s internal infrastructure team sits at 15 individuals to support its 800-employee operation, which means everyone wears multiple hats and no one is dedicated. Two or three years ago Halifax could make do, but with the increasing cybersecurity headlines and shifting requirements, they knew something had to change. The Center required dedicated security expertise to shift what once was an episodic effort to a more regimented, day-in and day-out approach to cybersecurity. Halifax needed to be ready for an OCR audit, they needed guidance on how to approach activities like a tabletop exercise, and they were particularly interested in a vendor assessment for their business associates.

Companies hire vendors they’re comfortable with, and Halifax knew Agio well. We had previously conducted their HIPAA Risk Assessment, and our companies were active together among similar trade associations. This helped start the conversation, and the ongoing advisory and consulting our 360° service offers finished it. The personal guidance and accessibility to a vCISO, who knows Halifax’s environment and who continues to evolve with them over the 24-month program, made the difference. Agio’s audit assistance, tabletop exercises, and the specific vendor assessment Halifax was looking for – wrapped in a program that still flexed with their current security efforts – was everything the medical center needed to feel comfortable this partnership was the right one.

We met with their board for an initial cybersecurity briefing to kick off Halifax’s program, and we’ve continued our efforts and communication in our monthly meetings with their direct, internal team. Aside from executing on the program’s lifecycle elements, we’ve recommended a paperless solution for onboarding across departments, which has since been successfully implemented. Halifax is thrilled with the open collaboration they have with Agio, and we look forward to continuing to grow and strengthen our relationship.