According to the Ponemon Institute, 72% of cyberattacks target small- to medium-sized businesses. With the bad guys now focusing on the SMB sector, hardening security is critical, especially for firms developing and deploying SaaS applications for the healthcare industry in the cloud.
Yes, all the features and functions must go through usability testing to know the application is ready to deliver value to providers and their patients. But developers also need to consider compliance and security. Software teams with the skills to develop application features are not always tuned in to the latest standards, particularly for the cloud.
Eliminating All the Hard Work to Achieve Compliance and Security in the Cloud
That’s where a partner like Healthcare Blocks can come to the rescue. The company first launched in 2013, providing HIPAA compliance and security services to start-ups and SMBs that need to quickly deploy healthcare applications in the cloud. Today, Healthcare Blocks has expanded its market to include enterprise organizations that implement new applications in the cloud and need a review of their security and compliance posture.
Healthcare Blocks is a strategic partner of PulseOne, and I recently interviewed Phil Misiowiec, the CTO and founder of the company. Phil shared how his team helps clients validate if their cloud provider platform is compliant with HIPAA and other healthcare regulations and standards, such as SOC 2 and HITRUST. Healthcare Blocks also helps make sure clients have all the necessary security controls in place, so risk assessments and compliance audits go more smoothly.
“In addition to security policies, we also take a look at systems administration and DevOps processes to make sure the overall security posture is strong,” adds Misiowiec. “When deploying an application in AWS or another cloud platform, there’s a lot of work to be done for compliance. We can also quickly set up cloud infrastructures to prevent security breaches.”
Experience Helping Businesses of All Sizes
Over the years, Healthcare Blocks has worked with all size companies, from large enterprises to early-stage two-person teams. “SMBs tend to have a limited budget and time,” Misiowiec says. “We make it easy and help them scale over time as they grow and use more compute resources and deploy more applications and databases containing sensitive patient information.”
One such example is Toxicology Management Services (TMS), which was one of the first clients for Healthcare Blocks. TMS offers cloud-based lab testing services to healthcare providers in the U.S. As the company planned to run their applications in the cloud, they turned to Healthcare Blocks to take care of compliance and security.
TMS launched on AWS in 2013, and seven years later, they are still a Healthcare Blocks customer. Each time TMS launches a new service, they check with Healthcare Blocks to see what needs to be done to defend against cybersecurity and to comply with regulations.
The Secret Sauce for Compliance and Security
How does Healthcare Blocks do it? They leverage a proprietary meta-framework for the healthcare industry that aligns cloud implementations and server configurations with SOC2, AWS Foundations, HIPAA and HITRUST. Alignment with these standards and regulations is key because daily cyber threats are getting more and more sophisticated. “Application developers may not be up-to-date with the latest threats,” says Misiowiec. “We provide training on what to look for, and our systems identify real-time threats such as data exfiltration attempts.”
As attacks get more sophisticated, so too do the security standards, which are not easy to keep up with. “Businesses need to review their security controls on a regular basis,” Misiowiec emphasizes. “For example, recommended password lengths have increased from 6 characters to 14 in recent years, and techniques for multi-factor authentication keep evolving.”
Partnership with PulseOne Maintains On-Going Protection
Healthcare Blocks and PulseOne have collaborated several times to assist customers with security and compliance. After Healthcare Blocks sets things up—saving customers the time and effort of working with the cloud platform provider—we provide ongoing managed services for compliance and security.
We also conduct regular risk assessments and penetration testing. In addition, we can assist with on-premises environments while Healthcare Blocks focuses on your cloud environment. It’s a great partnership to cover all your needs for security and compliance!
To build a strong security and compliance posture for your business, learn more about Penetration Testing, or find out more about Healthcare Blocks offerings, contact us today!
