Our daily lives and the internet are intertwined. We communicate, pay bills, book trips, and purchase items, all using the internet. Technology has advanced so much in the past few decades that these practices have become standard fare, and with that, they are generally accepted without questioning the mechanics or what's happening behind the curtain. As technology advances, the ways our information is secured get better and more reliable. However, clever tactics to steal our precious and confidential information have also advanced. Now more than ever, it's crucial to stay ahead of the curve and be diligent in protecting our information.
At Net Health, we have the responsibility of storing and protecting protected health information (PHI) and other data. This is a top priority and our goal is to ensure the safety of our data, and especially the data of our clients. In recognition of National Cybersecurity Awareness month and with help from Jay Miller, Net Health’s Information Security Architect, we delve into how Net Health protects data and what measures are in place to prevent data loss.
How do we take care of and monitor data?
Our customer data is stored at redundant third-party datacenters which undergo a compliance audit called an SSAE16 SOC 2 Type II. An independent party rigorously tests many types of security controls (logical, physical, technical) to confirm that the datacenters maintain assurance and compliance with the HIPAA Privacy and Security Rules and the HITRUST Common Security Framework.
A next-generation firewall is maintained at the perimeter of our network. We also have an IDS (intrusion detection system) / IPS (intrusion prevention system) attached. Data at rest and data in transit are protected with encryption. A SIEM (security information and event management) appliance monitors our network activity, looking for different trends in our network traffic, and alerts us to suspicious or confirmed threats. It also retains our infrastructure logs for incident response and investigative purposes.
Net Health's IT department began a vulnerability management program some time ago to find and remediate potential vulnerabilities in our infrastructure configurations. The vulnerability scanner is run on a weekly basis and generates a report which rates each vulnerability found on a critical, high, medium and low scale. From those results, we determine whether anything needs to be done to protect against each risk and assign it. The IT team discusses the risks found and puts the changes into the change control system on a monthly basis.
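The weekly-scan-to-monthly-change-control workflow described above can be scripted so that every finding carries a severity rank, a remediation due date and an overdue flag before the team meets. The following is an added example, not Net Health's own tooling or scanner output: the CSV export format, the host names, plugin ids, dates and the per-severity remediation windows are all constructed assumptions for the illustration.

```python
"""Triage a weekly vulnerability-scan export (added example, not Net Health's code).

Assumptions: the scanner exports one row per finding with the columns
host, plugin_id, title, severity, first_seen; severities are the page's
critical/high/medium/low scale; remediation windows are assumed policy values.
"""
import csv
import io
from datetime import date, timedelta

# Constructed sample export; hosts, ids and dates are invented for the example.
SAMPLE_REPORT = """\
host,plugin_id,title,severity,first_seen
db01.internal,100001,Database server missing cumulative update,critical,2023-10-02
web01.internal,100002,TLS 1.0 enabled,high,2023-09-04
web01.internal,100003,HTTP server banner disclosure,low,2023-08-01
app02.internal,100004,Outdated OpenSSL package,medium,2023-09-25
"""

# Assumed remediation windows (days) per severity; adjust to local policy.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_report(text):
    """Parse the CSV export into dicts, rejecting unknown severity labels."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        sev = row["severity"].strip().lower()
        if sev not in SLA_DAYS:
            raise ValueError(f"unknown severity {row['severity']!r} on {row['host']}")
        findings.append({
            "host": row["host"].strip(),
            "plugin_id": row["plugin_id"].strip(),
            "title": row["title"].strip(),
            "severity": sev,
            "first_seen": date.fromisoformat(row["first_seen"].strip()),
        })
    return findings


def triage_report(text, today_iso):
    """Return findings ordered by severity then due date, each with due/overdue fields."""
    today = date.fromisoformat(today_iso)
    triaged = []
    for f in parse_report(text):
        due = f["first_seen"] + timedelta(days=SLA_DAYS[f["severity"]])
        triaged.append({**f, "due": due.isoformat(), "overdue": today > due})
    triaged.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["due"]))
    return triaged


def change_control_batch(triaged):
    """Group plugin ids by host: one change-control entry per host per month."""
    batch = {}
    for f in triaged:
        batch.setdefault(f["host"], []).append(f["plugin_id"])
    return batch


def overdue_ids(triaged):
    """Plugin ids whose remediation window has already elapsed."""
    return [f["plugin_id"] for f in triaged if f["overdue"]]


if __name__ == "__main__":
    rows = triage_report(SAMPLE_REPORT, "2023-10-10")
    for f in rows:
        flag = "OVERDUE" if f["overdue"] else "ok"
        print(f"{f['severity']:<8} {f['host']:<15} due {f['due']}  {flag}  {f['title']}")
    print("change-control batch:", change_control_batch(rows))
```

Run as a script it prints the prioritised list for the meeting; the sort key puts critical findings first and, within a severity, the earliest due date first, so the overdue critical item on the database host heads the list.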
How do we prevent data loss?
To minimize data loss, Net Health has two geographically separate sites with a mirrored infrastructure at our secondary datacenter. The database is configured in an availability group, and data is copied over in real time to the secondary site. This configuration is referred to as a hot DR (disaster recovery) setup. For our Xfit products, this configuration allows us to achieve an RTO (Recovery Time Objective) of 30 minutes and an RPO (Recovery Point Objective) of 15 minutes.
There is also a Business Continuity Plan (BCP) in place. A BCP, through strategy, recognizes the threats and risks a company faces, with the intent of ensuring protection for personnel and assets in the event of a disaster. Our BCP focuses on how we manage our backups and consists of a daily, weekly, and monthly backup plan. Having this plan in place is essential to ensuring the resilience of our software.
Solid and strong cybersecurity practices are paramount to the longevity of your product. Net Health is committed to supporting secure configurations and compliance initiatives, and the aforementioned measures are only some of the ways we provide security. Additional documentation and examples of our security policies can be obtained upon request by contacting firstname.lastname@example.org.