AHA Preferred Cybersecurity & Risk Provider Program
Protect Your Patients and Business Operations from Cyberthreats and Other Risk
The nation’s hospitals and health systems are facing many high-risk challenges and threats in their efforts to provide quality patient care and maintain business operations — two of which are cyberattacks and physical threats. To address these rising threats, many health care organizations are making cybersecurity and physical security part of their existing governance, risk management, and business and clinical continuity frameworks.
To support its members in these efforts, the AHA has established a Preferred Cybersecurity & Risk Provider Program. The goal: to identify trusted providers with vetted services that can help hospitals and health systems protect their patients and operations from cyberattacks and physical threats.
AHA Preferred Cybersecurity & Risk Providers
- Cyber Incident Response
- Automated data breach prevention, detection, and defense solutions
- Cyber Firm Risk Management and Information Governance
- Cyber Risk Assessment, Privacy and HIPAA Compliance
- Physical Security Advisory Services
- Security Executive Recruiting, Coaching and Organizational Design
- Identity Verification
- C-SCRM: Entity Level and Software Level Cyber Supply Chain Risk Management Services
- CORE Program (Cybersecurity Oversight & Resilience Engagement)
- Data Privacy Governance Assessment and Development
- Managed Detection and Response (MDR)
- Healthcare Security Program, which includes MDR, Incident Response Planning, HIPAA Security Risk Assessment and Continuous Vulnerability Identification (CVI) services
- RiskRecon Third-Party and Supply Chain Monitoring and Visualization Services
- Microsoft Cybersecurity Program for Rural Hospitals
- Secure Payroll and HCM Services
- Medical Device Cybersecurity Managed Service
Aon's Cyber Solutions are world-class cyber security professionals building confidence in a world of uncertainty. Offering holistic cyber risk management solutions, unsurpassed investigative skills, and proprietary technologies, we help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents. Our clients call us - and we're at our best - when the stakes are high and the potential for damage is great. We are united by a common goal: to protect today and safeguard tomorrow.
Cyber security services are offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates.
Services
- Cyber Insurance Brokerage
- Cyber Incident Response
Censinet enables healthcare organizations to take the risk out of their business while protecting patient care with Censinet RiskOps™, the first and only cloud-based exchange that integrates and consolidates enterprise risk management and operations capabilities across critical clinical and business areas. Healthcare professionals and technology leaders created Censinet to enable a scalable method for identifying and managing risk specific to healthcare, such as data breaches, ransomware, and supply chain disruption. Trusted by leading healthcare providers, Censinet helps organizations address risk across their business, including vendors and third parties, patient data, medical records, research and IRB, medical devices, the supply chain, and more. Censinet works with IT, Security, Risk, and GRC teams within healthcare organizations of varying sizes, ranging from local clinics and regional hospitals to large healthcare systems, as well as important third-party vendors and suppliers that support providers.
In addition to its extensive base of healthcare providers and vendors, Censinet also works with leading healthcare research organizations, digital health innovators, and standards bodies to elevate the cybersecurity risk posture of healthcare providers and vendors. This work includes the HHS 405(d) Program and Task Group, MassChallenge HealthTech, KLAS Research, and more. Through its KLAS partnership, Censinet helped establish a first-look set of ‘Cybersecurity Transparent’ preparedness ratings for vendor products evaluated by KLAS in the healthcare space. All of these cybersecurity and risk collaborations leverage Censinet’s flagship offering, Censinet RiskOps, an integrated platform built upon a collaborative risk network of more than 8,000 vendors and 19,000 products serving the healthcare industry.
Services
- Cyber Firm Risk Management and Information Governance
- Cyber Risk Assessment, Privacy and HIPAA Compliance
Celerium engineers cyber and data breach defense, detection, and containment solutions that are easy to implement and manage with minimal IT effort. We leverage our rich, 19-year history and experience in supporting critical industries, including the U.S. Department of Defense, to deliver effective and powerful cyber defense solutions to healthcare organizations, defense contractors, state and local government, and small and medium-sized businesses.
Services
- Automated data breach prevention, detection, and defense solutions
CLEAR confirms identity in real time by analyzing hundreds of signals across biometrics, documents, devices, and trusted sources. Over 31M existing users verify instantly with just a selfie, while new users enjoy the same experience after a quick, one-time setup. Designed to integrate seamlessly across key touchpoints, CLEAR protects your healthcare organization without slowing you down.
Services
- Identity Verification
Exiger empowers health care organizations to consolidate third-party cyber and supply chain risk plus due diligence into one tool that maps, orchestrates and secures medical and software supply chains. Identify and mitigate cyber supply chain risk within your direct suppliers, supplier ecosystem, and software and medical device products in a single, secure AI platform that includes SBOM generation and analysis. Learn how Exiger can help supply chain resilience, risk and compliance programs.
Services
- C-SCRM: Entity Level and Software Level Cyber Supply Chain Risk Management Services
First Health Advisory partners with healthcare and government organizations to solve complex cybersecurity challenges, align cyber strategy with business priorities, and safeguard patient care. We operate as an extension of your team across strategic, operational, and technical environments, working side by side from strategy to execution to enable safe, resilient care and organizational success.
Services
- CORE Program (Cybersecurity Oversight & Resilience Engagement)
- Data Privacy Governance Assessment and Development
Lumifi Cyber Inc. delivers next-gen managed detection and response (MDR) with Fortune 500-grade protection for businesses of all sizes. Our advanced platform pairs automated threat hunting, orchestration, and response with proactive security services to defend against ransomware and emerging threats. Backed by a U.S.-based SOC staffed with ex-military and DoD-certified experts, Lumifi ensures 24/7 monitoring and end-to-end protection — at an affordable monthly price.
Services
- Managed Detection and Response (MDR)
- Healthcare Security Program, which includes MDR, Incident Response Planning, HIPAA Security Risk Assessment and Continuous Vulnerability Identification (CVI) services
Mastercard is more than a payments company. They are also home to a globally accessible and industry agnostic collection of award-winning, patented, and trusted security solutions proven to keep your digital ecosystem secure – both inside and outside your organization.
Services
- RiskRecon Third-Party and Supply Chain Monitoring and Visualization Services
Healthcare should be secure no matter where you call home. The new Microsoft Cybersecurity Program for Rural Hospitals supports the unique cybersecurity needs of rural hospitals and delivers free and low-cost technology services, cybersecurity training and support. Accelerate your mission and drive greater impact. Microsoft is committed to delivering relevant, affordable and innovative cloud solutions to help nonprofits tackle the world’s biggest challenges.
Services
- Microsoft Cybersecurity Program for Rural Hospitals
Paycom creates technology that simplifies life for employees. Through its innovative solutions, Paycom transforms the workplace by giving employees direct access to their data in one easy-to-use software. From onboarding and benefits enrollment to talent management and more, Paycom streamlines processes, drives efficiencies, increases data integrity and gives employees power over their own HR and payroll information through a self-service app. Paycom tools include: Beti®, Employee Self-Service®, Manager on-the-Go®, Applicant Tracking, Ask Here, Benefits Administration, Clue®, Compensation Management, Direct Data Exchange®, Documents and Checklists, Expense Management, Government and Compliance, Onboarding, Paycom Learning, Paycom Surveys, Performance Management, Personnel Action Forms, Position Management, Push Reporting®, Scheduling, and Time and Attendance.
In addition, Paycom’s Global HCM™ offering can now serve users in more than 180 countries and is available in 15 languages and dialects.
Services
- Secure Payroll and HCM Services
TRIMEDX is an industry-leading, independent clinical asset management company delivering comprehensive clinical engineering services, clinical asset informatics, and medical device cybersecurity. They help health care providers transform their clinical assets into strategic tools, driving reductions in operational expenses, optimizing clinical asset capital spend, maximizing resources for patient care, and delivering improved safety and protection. TRIMEDX was built by providers, for providers, and leverages a history of expert clinical engineering with data on 92% of all active medical device models.
Services
- Medical Device Cybersecurity Managed Service
AHA Rigorous Due Diligence and Selection Process
When a hospital or health system selects a service from a company that has achieved AHA Preferred status, it can be confident that the organization has met the AHA’s highest standards.
Listen to AHA’s Bringing Value Podcast
Listen to AHA’s podcast series featuring our Preferred Cybersecurity & Risk Providers on how AHA members can address risk challenges.
Become an AHA Preferred Cybersecurity and Risk Provider
The AHA Preferred Cybersecurity Provider and Risk Program is available to highly reputable, qualified and vetted cybersecurity and risk management providers that share our vision and commitment to the nation’s hospitals and health systems. The program offers a variety of ways to get involved in our work and share your stories and services.