Congratulations to tw-Security—2024 Best in KLAS® Security & Privacy Services!

We're #1! Thank you to all our partners and customers!

Over 20 Years of Award-Winning Healthcare Cybersecurity Solutions


Why tw-Security?

  • Industry Leadership: tw-Security is an award-winning leader in healthcare cybersecurity, data privacy, and compliance.
  • Our Customers Come First: We succeed when you succeed. We value your time.
  • Stability: tw-Security is a privately held, partner-owned company that has been in business since 2003.
  • Vendor-Neutral: We are not a reseller of products or services.
  • Driven by Results: Our methodology is to define, measure, and report project progress that drives on-time, on-budget results.


Contact tw-Security to help you identify and mitigate risk.


Our Expert Services

  • HIPAA Compliance and Risk Assessment: Ensure HIPAA compliance and eliminate risk with a preventative audit.
  • Virtual CISO Services: Expert virtual CISO services tailored to your organization’s needs.
  • Ransomware Readiness Assessment: A holistic analysis of ransomware weak-points to secure vulnerable systems.
  • Incident Response Strategy: Customized incident response plans to stay one step ahead.
  • Technical Services: Penetration testing, cloud security, medical device security and more through our partner Talus Solutions.
  • Education and Training: Healthcare cybersecurity training curated to your team’s needs with our 20+ years of expertise.


Learn more about our services.



Awarded 2024 Best in KLAS®
Security and Privacy Consulting Services

“At KLAS, we firmly believe that the voice of healthcare providers and payers is paramount.

The Best in KLAS awards are based on extensive feedback and evaluations from healthcare professionals across the nation. Winning a Best in KLAS award is not just about recognition; it shows the trust and confidence that healthcare providers place in the winning vendors. It also helps validate each vendor’s commitment to innovation, quality, and customer satisfaction.

We are proud to recognize 2024’s Best in KLAS award winners! Their unwavering dedication to improving patient outcomes is wonderfully inspiring.”

—Adam Gale, KLAS Research CEO


tw-Security’s scalable solutions result in a prioritized “road map” to document that identified risk and compliance deficiencies are being addressed and corrected, as part of the risk management process. Now is the time to conduct an enterprise risk analysis and advance your program’s maturity – contact tw-Security.


tw-Security has experience with multiple regulatory requirements, standards, and frameworks. This includes HIPAA, PCI DSS, NIST Cybersecurity Framework, ISO 27002, SOC2 Type 2, and CSA Section 405(d) HICP (Health Industry Cybersecurity Practices.) We help you create your “Book of Evidence” – contact tw-Security.

Data Privacy

Information is an organization’s most nonhuman valuable asset. The data privacy program includes protected health information (PHI), proprietary and confidential organizational data, and Personal Identifiable Information (PII). To update your policies, training, and enhance your data privacy program – contact tw-Security

Breaches: By the Numbers

Read it onscreen right here.

Q3 2023 - And We Thought LAST Quarter was Bad!

Key Takeaways:

Over 45 million records were impacted, which is nearly double the number in the previous quarter. And an attack on a Business Associate led to a very bad outcome for a major healthcare system.

The last two quarters’ combined totals rise to a level we haven’t seen since 2015.

Download your own PDF to read and share.
Contact tw-Security to protect your organization.





Unauthorized Access


Data Thefts


Patients Affected



    Areas of Expertise

    Our mission is to provide you with consulting services with a focus on integrity, quality, and consistency. Our services are grounded in the guiding principles that information security is the cornerstone to maintaining the public trust; that it is primarily a business issue, not just a technology issue; and that it should be risk-based, cost-effective, and aligned with your priorities, industry-appropriate practices, and relevant regulatory requirements. Multiple services are offered within the following "Areas of Expertise."

    tw-Security Cybersecurity and Data Privacy Programs Framework Defines Our Services.

    Let's start a conversation using our integrated program framework diagram.


    Our cybersecurity and data privacy program framework integrates the evaluation and security management processes, with elements of prevention, detection, and response services.

    These elements combine best practices with situational awareness to address the people, process, and tool dynamics of cybersecurity and data privacy programs.

    To reduce the likelihood of security incidents and data breaches, programs are designed for specific cyber-threats and environments.

    Meet our leadership team

    We have the hands-on experience you need to meet tomorrow’s data security challenges today.

    Kerry McConnell <br>  CISSP
    Kerry McConnell
    Principal Consultant
    Read Bio
    Keith Fricke, MBA, CISSP, PMP
    Keith Fricke, MBA, CISSP, PMP
    Director Business Development
    Read Bio
    Mark Dill, CISM, CRISC <br>  Cybersecurity Auditor
    Mark Dill, CISM, CRISC
    Cybersecurity Auditor
    Principal Consultant
    Read Bio
    Wendell Bobst <br> CISM
    Wendell Bobst
    Principal Consultant
    Read Bio

    Who we serve

    We focus on the healthcare industry — both large and small.

    Our roster of over 250 customers represents a diverse cross-section of healthcare and related industries.

    Our healthcare hospital customers range from academic medical centers to critical access hospitals.

    We also serve specialty hospitals, freestanding ambulatory sites, and practice management organizations.

    Our customers include start-up business associates to mature software/service vendors.

    We assist universities with HIPAA-compliant programs and student health centers.

    We are called on to provide expert witness services.

    Professional organizations reach out to us for expertise, training, and advisory services.

    Put your trust in us

    Both professional organizations and industry professionals trust our insight.

    For over 20 years, our trusted advisors have shared their perspectives, insights, and observations on “top of mind” healthcare topics and trends with journalists and media professionals for a number of industry publications.

    To read what we've shared, visit IN THE NEWS.

    Our experts have authored many influential articles and features, actively participate in professional organizations, and have shared their expertise in numerous seminars and presentations.

    Thought Leadership

    Tw-Security publishes technical and editorial content that addresses the entire spectrum of data cybersecurity.

    PDF: Title TBD
    PDF: Title TBD
    PDF: Title TBD
    PDF: Title TBD
    PDF: Title TBD
    PDF: Title TBD

    Trending Topics

    We’re often called on to collaborate and share expertise with industry, academia, and the media.
    Here’s what we’re reading—and writing—today:

    With over 28 years in healthcare IT, Ward Mosser serves as a Senior Security Consultant at tw-Security, assisting in our...

    Read More

    Kathy's key areas of expertise include the design, implementation, and management of strategies to ensure compliance and alignment with federal...

    Read More

    Mikki is a specialist in data privacy, and is experienced in the preparation of regulatory policy, procedures, and plans for...

    Read More

    Here’s what people are saying:

    COO, Cloud Software Vendor
    Risk profile work product - "Great document by the way, very easy to digest."
    CIO, Academic Medical Center
    tw-Security has been our ‘go-to source’ for interim CISO services, risk assessments, investigative projects, strategic planning, Meaningful Use confirmation, and reporting to OCR.
    Clinical Informatics Specialist & Privacy Officer, Specialized Treatment Centers
    I’m so happy you guys are working with me and getting us set up with policies and procedures that comply with the HIPAA Security Rule. I sleep so much better.
    HIPAA Privacy-Security Officer, Community Hospital
    Thanks for all you do in spreading the HIPAA gospel, and helping us all learn in a way that is so understandable and memorable.
    Chief Strategy Officer, Predictive Modeling Vendor
    Thanks for the super fast turn around. I expect nothing less from "the undisputed heavy weight champions of the wooooooorrrrrrrrllllllldddd!!
    Information Security Officer, Integrated Delivery Network
    We were especially pleased with the detailed review of our policies – no other consulting firm had ever provided that level of useful feedback.
    CEO and Founder, Patient Care Business Associate
    We are extremely satisfied with tw-Security helping get our HIPAA programs off to a solid start and the ongoing guidance to help us keep on track.
    CEO, Specialty Hospital
    This Risk Management Report looks very good and is easy to read and understand.
    IT Director, Medical Center
    I appreciate your help with the risk analysis! We are very impressed with your team’s technical knowledge and hope to continue working with you in the future.

    Looking for more inspiration?

    Stay up to date!

    We only use your e-mail address to send you the best tips about tw-Security. You can always unsubscribe using the link in the e-mail.