Discover how HealthEdge deals with security and data privacy in the face of rapid expansion.
The healthcare sector is under constant attack from cybercriminals. They seek to infiltrate systems; expose patient data, medical records and personally identifiable information; and extort tens of millions of dollars in ransom. The Verizon Data Breach Investigations Report went so far as to declare the industry “under siege” because of the extent of its vulnerability problem.
“Healthcare is beset by ransomware gangs and this led to a rise in confirmed data breaches in 2022,” said Suzanne Widup, a researcher for the Verizon Data Breach Investigations Report. “Healthcare is seen as a soft target where there are a variety of internal errors that lead to vulnerabilities,” Widup added.
The report noted a rise in confirmed data breaches resulting from ransomware encryption in healthcare over the past couple of years. These attacks are resulting in more data being compromised, larger ransoms being demanded and longer outages being suffered by healthcare providers.
Healthcare SaaS-based digital payer platform HealthEdge lives in this challenging environment. As well as having to deal with hackers, it must adhere to strict laws and regulations such as HIPAA and numerous data privacy rules. Security and compliance are high priorities.
The company hosts its software in various colocation sites, with the number of sites growing because of rapid expansion. To act as responsible stewards of the information entrusted to them by their clientele, HealthEdge uses a variety of strategies.
HealthEdge’s security strategies
All-flash arrays
The company made a strategic move to transition from hard disk drive systems to much faster and more compact flash storage from Pure Storage. These units include various security features, including snapshotting, immutability and intelligent file indexing that delivers accurate version tracking and recoverability of data.
Previously, HealthEdge had implemented a hyper-converged storage platform. These large cabinets contained storage, compute and networking components. The cabinets were pre-engineered to integrate closely and deliver high performance. They performed well in their day but no longer met the organization’s needs, the company said.
Because of a huge increase in storage capacity demands, the cost of adding these large appliances became prohibitive. It wasn’t possible to simply add storage. Users had to purchase the entire box with a predefined amount of storage, compute power and networking capability.
“We were seeing storage capacity growth of 30% or more per year, and these units became expensive to scale,” said Kendra Rozett McCormick, senior manager of datacenter and network operations at HealthEdge. “Maintenance of these boxes was difficult as we were dealing with consistent disk failures and high costs,” McCormick said.
As well as switching to all-flash arrays, the company subscribes to Pure Storage’s Evergreen program. This provides continual upgrades to the latest direct flash modules, controllers and software without the disruption of switching out storage arrays.
Secure point-to-point circuit
Another security strategy employed at HealthEdge is a secure point-to-point circuit. Data transfers are challenging because of the sheer volume of data and the possibility of data loss or a data breach during the transfer. Thus, HealthEdge said it decided to upgrade from traditional VPNs to a dedicated point-to-point circuit. As well as improved security, the circuit provides better performance, monitoring and troubleshooting.
Authentication
HealthEdge’s high-speed connectivity solution offers secure user authentication via the OpenID Connect and/or SAML 2.0 protocols. These enable customers to authenticate their users through a secure identity provider (IdP). As a result, sensitive credentials are only sent directly to the customer’s IdP.
Payer authentication is delegated to the customer’s IdP. This allows clients to apply their own password policies independently without HealthEdge involvement. Multi-factor authentication is included. Users must use two or more categories of authentication to verify their identity, such as a unique token or a biometric.
Single sign-on was set up as a one-time activity. Once implemented, the same configuration works seamlessly across all of the environments that make up a particular health plan. It encompasses production, pre-production, test and development. SSO accelerates deployments and upgrades and reduces operational costs while maintaining security.
Network security
Dedicated circuits set up a Layer 3 connection point between HealthEdge and customer data centers. This connection point serves as the entry point for the dedicated circuit and facilitates the transfer of data between HealthEdge and client infrastructure. To keep it secure, a Network Address Translation IP address is required as an endpoint for routing traffic. This ensures that data is directed correctly between HealthEdge and the customer network with high performance and reliability. To further enhance resilience, an IPsec VPN tunnel is also established as a passive, redundant connection. In the event of the dedicated circuit becoming unavailable, the IPsec VPN tunnel acts as a backup, enabling continued data transfer.
Disaster recovery
Finally, disaster recovery plans are developed for each HealthEdge client. The HealthEdge IT security and compliance team tests and updates these plans regularly to ensure they remain effective. Simulations are run to identify gaps or weaknesses in the plans, as well as to ensure each plan is consistent with changes to business operations or IT infrastructure.