Long-Term Cybersecurity and Managed IT Partnership for a NYC Community Healthcare Provider
How STIGroup helped a multi-site, not-for-profit outpatient clinic strengthen security, improve resilience, and maintain readiness through 15+ years of steady program growth.
Client name withheld for privacy. Details reflect the long-running engagement described in internal interviews.
| Client | Not-for-profit, multi-specialty outpatient clinic serving a local community in New York City (Brooklyn). |
| Established | 1978 |
| Locations | One primary clinic plus several smaller satellite sites. |
| Engagement | Started around 2010 (15-16+ years). |
| Primary goals | Reliable day-to-day IT operations, ransomware-focused resiliency, and right-sized HIPAA security readiness. |
Executive summary
For more than a decade and a half, STIGroup has served as the clinic’s trusted IT and cybersecurity partner. The organization operates multiple outpatient sites and relies on a hybrid technology environment: a cloud-based EHR platform alongside on-premises services that remain essential for reporting, file/print, and specialty practice workflows. STIGroup delivers managed IT operations and a steadily maturing cybersecurity program designed for healthcare realities - strong endpoint protection and monitoring, practical identity and perimeter controls, and consistent assessment and readiness support - without introducing unnecessary complexity.
Client background
The client is a community-based healthcare provider in New York City that offers primary care, dental services, and additional outpatient specialties. It operates a central clinic location supported by several satellite sites, serving patients across a defined neighborhood area. The clinic was established in 1978 and has steadily grown its services and technology footprint over time.
Challenges
- Supporting multiple sites with consistent IT operations, connectivity, and security controls.
- Maintaining a hybrid environment after the EHR moved to a cloud SaaS platform while keeping critical on-premises reporting and file/print services dependable.
- Improving resilience against ransomware and other healthcare-targeted threats without exceeding a community-clinic budget.
- Meeting ongoing requirements such as annual HIPAA security risk assessments and evidence needed for cyber insurance renewals.
- Ensuring leadership confidence during high-pressure events - response quality during incidents directly impacts patient care and organizational trust.
STIGroup approach
STIGroup’s approach focused on long-term program building: establish a strong managed IT foundation, layer in cybersecurity capabilities over time, and continuously adapt controls to the clinic’s changing needs, budget, and risk environment. A key element of the partnership is trust - healthcare providers must grant deep access to systems and sensitive data to enable effective support and monitoring. STIGroup earned and maintained that trust through responsiveness, transparency, and consistent follow-through when challenges arose.
Solutions delivered
| Service area | What was delivered |
|---|---|
| Managed IT operations | Service desk support, endpoint management (RMM), backup management (offsite and cloud), and ongoing support for core on-premises services (file/print and locally hosted reporting) and specialty practice applications. |
| Identity and perimeter controls | Firewall management and multi-factor authentication (MFA) platform management to reduce account and perimeter risk. |
| Endpoint protection and 24x7 response | 24x7 security monitoring and response for endpoint detection and response (EDR) and next-gen antivirus to help detect and contain suspicious activity quickly. |
| Visibility and integrity monitoring | Log management for security visibility and file integrity monitoring to strengthen detection of unauthorized changes. |
| Assessments and testing | Annual HIPAA security risk assessments to guide improvements and annual penetration testing to validate exposure and inform remediation. |
| Human-layer protection | Security awareness training and phishing simulations via a managed platform to reduce social engineering risk and reinforce safe behaviors. |
| Readiness support | Ongoing support for cyber insurance renewal questionnaires and evidence alignment around key controls such as email security, MFA, access control, endpoint protection, and monitoring. |
Engagement model
The clinic’s environment and patient-care mission require a partner that is present, responsive, and invested in understanding how technology supports day-to-day operations. STIGroup maintained regular communication with the clinic and conducted periodic on-site visits to support hands-on work, align priorities, and address operational realities across locations.
- High-touch support with a consistent service desk and operational cadence.
- On-site engagement as needed for infrastructure and multi-location coordination.
- Incremental security maturity over time rather than disruptive, one-time overhauls.
- Straightforward guidance during incidents and planning cycles, with clear tradeoffs and budget-aware recommendations.
- Collaboration with third-party partners when specialized expertise was required, while STIGroup remained accountable for outcomes.
Outcomes
Over the course of the engagement, the clinic strengthened its technology foundation and built a practical cybersecurity program aligned to healthcare risk. While specific metrics vary by year and initiative, the program delivered consistent improvements in resilience, readiness, and day-to-day operational confidence.
| Improved ransomware resilience | Backups, endpoint protection, and 24x7 monitoring were prioritized to reduce the likelihood and potential impact of disruptive attacks. |
| Stronger security visibility | Centralized log management and integrity monitoring supported more effective detection and investigation of suspicious activity. |
| Sustained HIPAA readiness | Annual HIPAA security risk assessments helped the clinic track risk, prioritize remediation, and document progress over time. |
| Reduced exposure through validation | Annual penetration testing provided a repeatable way to validate security posture and verify that remediation efforts were effective. |
| Better insurance evidence and control alignment | The clinic was supported in preparing cyber insurance renewals by aligning evidence to expected control areas such as MFA, access control, monitoring, and email security. |
| Leadership trust and continuity | The relationship deepened over 15+ years because STIGroup consistently showed up during hard moments and provided candid, dependable guidance. |
Why STIGroup
Healthcare organizations can choose from many IT and security providers. The clinic continued to partner with STIGroup because the team combines strong technical depth with a pragmatic delivery style: responsive support, candid communication, and a steady focus on building a program that fits the organization’s mission and constraints.
- Trusted partnership built over time through reliability and transparency.
- A right-sized, outcomes-focused security program that evolves with the organization.
- Operational discipline: consistent support, documented readiness activities, and repeatable testing.
- Flexibility to collaborate with other partners while remaining accountable to the clinic.
Looking ahead
As the clinic continues to modernize, STIGroup supports ongoing improvement initiatives such as Microsoft 365 enhancements, identity hardening, and continuous resiliency tuning. The partnership remains focused on maintaining secure, dependable operations while adapting to a fast-changing healthcare threat landscape.
About STIGroup
STIGroup is a cybersecurity and IT managed services provider focused on long-term customer relationships. We help organizations build and mature cybersecurity and IT programs over time, aligning technical controls with real business needs and evolving risk.
Interested in a similar engagement? Contact STIGroup to discuss a right-sized managed IT and cybersecurity program for your organization.
