Title
a. Authorize the Chief Executive Officer for Natividad Medical Center (NMC) or his designee to execute an agreement with Abnormal Security Corporation for email security services at NMC for an amount not to exceed $290,862 with an agreement term through October 29, 2027 with an effective start date of the date of the last signature.
b. Approve the NMC’s Chief Executive Officer’s recommendation to accept non-standard contract provisions within the agreement.
c. Authorize the Chief Executive Officer for Natividad Medical Center or his designee to execute up to three (3) future amendments to the agreement which do not significantly alter the scope of work and do not cause an increase of more than 10% ($29,086) of the original cost of the agreement, for total contract liability of ($319,948).
Report
RECOMMENDATION:
It is recommended the Board of Supervisors:
a. Authorize the Chief Executive Officer for Natividad Medical Center (NMC) or his designee to execute an agreement with Abnormal Security Corporation for email security services at NMC for an amount not to exceed $290,862 with an agreement term through October 29, 2027 with an effective start date of the date of the last signature.
b. Approve the NMC’s Chief Executive Officer’s recommendation to accept non-standard contract provisions within the agreement.
c. Authorize the Chief Executive Officer for Natividad Medical Center or his designee to execute up to three (3) future amendments to the agreement which do not significantly alter the scope of work and do not cause an increase of more than 10% ($29,086) of the original cost of the agreement, for total contract liability of ($319,948).
SUMMARY/DISCUSSION:
Natividad Medical Center is seeking to augment its current Microsoft email security system to best address emerging cybersecurity threats to hospitals nationwide. Over the last year, we have observed a rise in sophisticated phishing and ransomware campaigns, including:
• AI-powered phishing attacks: Increased use of generative AI to craft highly convincing social engineering attempts.
• Credential Harvesting - Emails containing fake login pages to steal employee credentials for sensitive systems.
• Vendor Email Compromise - Attackers infiltrate supplier or vendor accounts and send fake invoices or payment requests.
• Business Email Compromise - Cybercriminals impersonate executives, doctors, or finance staff to request fraudulent transactions or sensitive patient data.
After testing and reviewing several email security products, the hospital’s IT department has selected the Abnormal Security Corporation’s cloud email protection platform service to optimize our email security. The proposed system adds new screening capabilities such as artificial intelligence, detecting behavioral patterns, account takeover prevention and advanced automation to report and mitigate email-based attacks.
OTHER AGENCY INVOLVEMENT:
The Office of County Counsel has reviewed and approved this agreement as to form, and the Auditor-Controller has reviewed and does not approve the non-standard payment provisions. The agreement has also been reviewed and approved by NMC’s Board of Trustees Executive Committee on April 11, 2025.
FINANCING:
The cost for this agreement is $290,862 of which $100,000 is included in the FY 2024-25 Adopted Budget. Amounts for remaining years of the agreement will be included in those budgets as appropriate. Funding will be provided from NMC’s Enterprise Fund 451-9600-6408.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
The proposed email security service will assist with keeping Natividad Medical Center’s critical patient care systems reliable and accessible.
__ Economic Development
X Administration
__ Health and Human Services
X Infrastructure
__ Public Safety
Prepared by: Ari Entin, Hospital Chief Information Officer, 783-2564
Approved by: Charles R. Harris, Chief Executive Officer, 783-2553
Attachments:
Abnormal Security Corporation Agreement
Attachments on file with the Clerk of the Board