The history of the Ars Medical medical facility dates back to 1991, when the Civil Partnership ‘Ars Medical’ was established, operating for a long period as the Ars Medical Clinic.
The driving force behind the creation of this private medical facility was the desire to provide alternative options for patients and eliminate a number of shortcomings in access to common medical services.
Over the following years, the company created new departments, clinics, and diagnostic labs to better serve its patients.
In 2016, a significant investment in expanding the Ars Medical facility was completed, and its effects are enjoyed by many satisfied patients.
Facts and figures
Full name
Ars Medical Sp. z o.o.
Industry
Healthcare
Products from the client's offer
- Hospital
- Clinics
- Diagnostics
- Treatments and surgeries
What did the client expect?
Ars Medical, as a medical facility, in accordance with the order of the President of the NFZ No. 8/2023/BBIiCD, was required to conduct a security audit. This order is the basis for funding – it requires the submission of a report from the conducted audit, indicating the improvement of cybersecurity levels among service providers. It is important that the report be carried out thoroughly, in accordance with the established requirements, which was ensured by PBSG. Our advantage also included flexibility, commitment, and a rich portfolio, which includes positive references from various medical entities, including hospitals and clinics.
What did we do?
WE PREPARED THE AUDIT PLAN
At the beginning, we prepared a work schedule, ensuring that our activities did not disrupt the daily operations of the facility. Then, we developed the audit plan, which included, among other things, infrastructure, documentation and procedures, access controls, and incident monitoring.
WE ANALYZED THE DOCUMENTS
The second step was the audit, during which we evaluated the documentation, including incident identification and management procedures, as well as the communication of information to the appropriate team. We also reviewed the reporting to the team and CSIRT units.
WE MET WITH THE EMPLOYEES
We conducted interviews with selected employees to gain a real assessment of how IT security policies are followed within the organization.
WE DELIVERED THE REPORT WITH RECOMMENDATIONS
Finally, we prepared a detailed and clear report, which included the audit results and recommendations for further actions.
What were the results?
Thanks to our assistance, Ars Medical received funding and successfully completed the project related to cybersecurity. The project also had a positive impact on raising awareness about information security within the organization and identified potential vulnerabilities that should be eliminated to enhance the facility’s resilience against possible incidents.
Ars Medical demonstrated an improved level of telecommunication security in accordance with:
- Regulation No. 8/2023/BBIiCD of January 16, 2023, regarding the financing of actions to enhance telecommunication security among service providers;
- Regulation No. 68/2022/BBIiCD of May 20, 2022, regarding the financing of actions to enhance the security of telecommunication systems of service providers, along with the preparation of a report from the conducted audit indicating the improvement of cybersecurity levels.
The audit, in addition to infrastructure and devices, including networks and servers, also covered the premises at the disposal of the team responsible for cybersecurity for entities that received a decision recognizing them as operators of critical services as mentioned in the Act on the National Cybersecurity System.
We examined all possible procedures and plans, including the business continuity policy, maintenance procedures, and the standards imposed on suppliers in contracts related to cybersecurity. Thanks to this comprehensive approach and thorough analysis, Ars Medical gained a real assessment of various areas linked to cybersecurity, impacting business continuity, personal data protection, and patient safety.
What did the client gain?
Obtaining funding and successfully completing the project.
Compliance with the requirements and obligations imposed by the President of the NFZ.
A clear and independent post-audit report.
Increase in awareness regarding cybersecurity and information security.
