Cyber threats are constantly evolving, with the potential for massive risk and impact. HealthEdge is always on guard against them with a security blueprint and technology stack. The main HealthEdge cybersecurity pillars are:
Prevention is a critical component of cybersecurity. HealthEdge secures the network infrastructure with segmentation and network traffic controls. We commit to continuous vulnerability and patch management, as well as security for incoming and outgoing data management with data loss prevention controls, Internet proxies for secure browsing, and email security controls to protect users from malicious attachments, links, and phishing. Endpoint devices, including mobile devices, are secured on and off the network to ensure secure collaboration and sharing. HealthEdge ensures our team is regularly trained on information security through our robust Security Awareness For Everyone (SAFE) program. Targeted training is conducted for secure coding, which ensures security by design.
Identity and access management controls allow authorized user access to the corporate network. Security controls are configured for remote access using VPN and multi-factor authentication.
Security Operations and Compliance work in tandem to monitor and enforce policy for cloud-based applications. Security data from across the environment is ingested and normalized into our Security Information and Event Management (SIEM) tool in real time. Using the correlated data, the Security Operations team can quickly respond to security events using our Security Orchestration, Automation, and Response (SOAR) tool.
Securing Applications & Validating Controls
HealthEdge continuously tests our website and applications for code vulnerabilities. We protect web applications from malicious attackers using our Web Application Firewall (WAF) and monitor third-party risk using public information to profile a company’s security behavior. These controls are validated through governance, risk, and compliance with penetration testing and continuous auditing to ensure the company is meeting compliance and risk standards.
In addition to security controls managed internally, HealthEdge has a robust threat intelligence program through partnerships with healthcare industry peers and cybersecurity experts. Alerts and reports are continuously assessed, and security controls are regularly adjusted in accordance with intelligence findings and applicability.
Because the threat is always evolving, HealthEdge must be positioned to immediately respond to security incidents. This response is a coordinated effort in which we collect data and correlate behavior to achieve comprehensive understanding during the investigation process. eDiscovery ensures data is collected and its integrity is maintained for legal matters. Response strategies include Business Continuity Planning (BCP), Disaster Recovery (DR), and controls to support redundancy and availability, which are regularly evaluated for improvements.
HealthEdge understands what it means to be a good steward of customer data and we take this responsibility seriously. Our teams work around the clock to ensure maturity when it comes to pillars of security. Follow us next month when we dive into industry trends and top threats.