ADWISERY has implemented the project “Testing for Burglary Resistance, Compliance and Information Security Risk Assessment”

The experts provided the National Health Insurance Fund with the Compulsory Health Insurance Information System, Financial Management and Accounting Information System, Information System of the Register of Persons Eligible for Compulsory Health Insurance, Queue Management Information System, Information System for the Declaration of Prices and Compilation of Price Lists of Reimbursable and Non-reimbursable Medicinal Products and Reimbursable Medical Aids “iDrug”, European Data Exchange Information System, Detailed Patient- Level Cost Accounting Information System, Document Management Information System (hereinafter – DVS), www.vlk.lt website (hereinafter – the Website) and the NHIF computer network vulnerabilities, compliance with Lithuanian legal acts and international standards and information security risk assessment services.

The following services were provided during the implementation of the contract (project):

  1. State information burglary- resistance testing, external and internal computer network burglary- resistance testing, as well as software and information system architecture security assessment using vulnerabilities and burglary testing methodology compatible with OWASPv4 and OSSTMMv3 were performed. A plan of measures was prepared to eliminate the identified vulnerabilities;
  2. The assessment of the compliance of the state information systems and the information security management of the Website with the requirements of the Lithuanian legal acts regulating information and cyber security management, the requirements of the international standard LST ISO / IEC 27002: 2014 was performed. An evaluation report and descriptions of non-conformities were prepared, and recommendations for the elimination of non-conformities were provided;
  3. Information security risk assessment of state information systems was performed in accordance with ARSIS, CVSSv3, COBIT5 methodologies and other international standards and recommendations on elimination of identified risks were prepared. A plan of risk management measures was prepared to manage the identified risks.

NHIF was satisfied with the competence of the experts involved in the project, the ability to delve into the needs of the organization and the deadlines of the implementation of contractual obligations, and provided feedback.