Cybersecurity and Privacy

With experience and focus in cybersecurity for digital health, life sciences and finance, Quandary Peak is trusted by companies in these industries to analyze software, develop threat models, implement leading standards, and meet changing regulations related to cybersecurity and privacy.

We specialize in implementing and assessing leading standards and practices including NIST CSF, OWASP, ISO 27001, Zero Trust, supply chain security and others. We cover a range of Health IT-specific interoperability scenarios – including privacy, security, authorization, and compliance services for FHIR APIs, HIPAA-compliant systems, medical device security, 21 CFR Part 11 data integrity, supply chain security and more. We stay current on the latest security and privacy regulations from agencies including FDA, ONC, CMS, GSA, state regulatory bodies, and others. We participate actively in standards development and harmonization, and work to stay current on always-evolving threats and technical best practices.

We assist clients with training, code analysis, tool selection, regulatory analysis, audits, pre-audits, reverse engineering, and more. We help companies understand and apply changing regulations and get out in front of fast-changing cybersecurity and privacy law, while also protecting their software, digital assets and customers from the real and growing risk of cybersecurity attacks.

What We Do
  • Training and Education
  • Gap Assessments and Pre-Audits
  • Outsourced CISO and regulatory consultation
  • Compliance Risks and Government Inquiries
  • Threat Analysis and Assessments
  • Organizational Certification (HITRUST, ISO 27001) efforts
  • Prelitigation and litigation technical expertise
Health IT Vertical Expertise
  • Certified Health IT (ONC) Security and Audit Log requirements
  • FHIR Security and Information Blocking Requirements
  • HITRUST, DirectTrust, HISP and other Health IT Security and Interoperability certifications
  • HIPAA Privacy Regulations
  • 21 CFR Part 11 requirements (pharma and life sciences)
Cross-Vertical Expertise
  • ISO 27001, NIST 800-53 and other security standards
  • SANS 20 CSC, COSO, SOX, SOC 2, SOC 1, and COBIT 5
  • Privacy Regulations (GDPR, CCPA)

We Know Health IT Cybersecurity

Our staff is experienced in a wide range of industry standards and best practices for implementing cybersecurity – with a particular focus on Health IT.


[Logo grid: Security Frameworks, Industry Knowledge Sources, Health Security and IOP Standards, Skills Certifications]

General Security Subject Matter Expertise

Application Security
  • OWASP Top Ten, CWE and other code-level security vulnerabilities
  • Proper use of digital certificates, hashes, salts, obfuscation and other methods
  • Cryptography, SSL/TLS security management
  • Firmware Security
  • Secure software development framework (SSDF) and code development policies
Policy and Risk Strategies
  • Data Loss and Ransomware Strategies
  • Zero-Trust
  • Threat Modeling
Cloud and SaaS Security
  • Cloud Security Monitoring tools
  • Role and Access Configuration Management tools
  • Zero Trust Policies, Best Practices and Implementation Guidance
  • API Security
  • Identity Protocols
  • Password Management
  • OAuth, OpenID and other web 2.0 protocols
Supply Chain Risks/Solutions
  • Vendor Risk Assessments
  • 3rd Party Library Security Management
  • Medical Device Manufacturing Security
Physical Security
  • Firmware and Hardware security
  • Biometric and other Identification mechanisms
  • FIPS and physical deterrents
Social Engineering
  • Best Practices and Training