
Epiphany Healthcare Blog

Epiphany Healthcare has Received ISO/IEC 27001:2013 Cyber and Physical Security Certification

Posted by Russ DeRemer on February 10, 2020 at 11:39 AM


As I write this memorandum, Epiphany Healthcare is the only vendor in our market niche with a cyber-security certification. We are excited to be able to demonstrate our commitment to our own security and our customers’ security with this certification.

When selecting a security certification body, we evaluated three alternatives for cyber and physical security certifications: ISO 27001, HITRUST, and SOC 2. All three are remarkably similar.

“Each certification has similar controls and requirements, with SOC and ISO being remarkably equal, and HITRUST intensifying the ‘How’ [in how] requirements are met.” (Source: https://apgarandassoc.com/certification-readiness/)

Medical device companies with Class II or Class III FDA-registered devices use ISO 13485 certification to meet Quality Management System (QMS) requirements. Our familiarity with the ISO QMS certification process led us to select ISO 27001 for cyber and physical security certification.

In adopting the ISO 27001 standard, a company must consider risk assessment and treatment options. Epiphany chose to establish a low-risk tolerance, which was the most demanding standard. We implemented all recommended controls in ISO 27001, including those for cloud, creating a total of more than 121 controls. We also chose to apply these controls to all aspects of our business and products, including Epiphany Cloud Services. The investment in this certification, including man-hours, staff training, and registrar expenses, exceeded $300,000. Over 1,000 pages of documentation were either modified or created to meet the certification requirements.

These controls include establishing clear guidelines for responding to security events and incidents, employee onboarding/offboarding, work-from-home evaluations, mobile device management, office security, penetration testing, secure software development, adding new security technologies to our enterprise, business continuity plans to recover from unplanned events (such as a hurricane, ice storm, loss of power, etc.), ransomware and malware strategies, and even what is required on our visitor sign-in sheets.

All of the clauses, controls, and a summary of the implementation of Epiphany Healthcare’s Information Security Management System (ISMS) framework are available upon request.

Russ DeRemer

CEO

Epiphany Healthcare

Topics: ECG management system, information technology, cybersecurity

Epiphany Healthcare is ISO 27001 Certified

Posted by Shannon Richter on January 14, 2020 at 11:25 AM

Epiphany Healthcare announces that it has become the only vendor in the niche market of ECG management software with a cyber-security certification. Epiphany is officially ISO 27001 certified for all of its products and locations. To be ISO 27001 compliant means Epiphany meets the security standards from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The goal of ISO 27001 compliance is for companies to adopt IT security management standards that ensure the protection of data. Risk management is a key component of ISO 27001, which holds companies accountable for their strengths and weaknesses.

Considering risk assessment and treatment options, Epiphany chose to establish a low-risk tolerance, which was the most demanding standard. Epiphany implemented all recommended controls in ISO 27001, including those for Epiphany Cloud Services, creating a total of more than 121 controls. Epiphany then applied these controls to all aspects of its business and products.

“This certification reinforces our commitment to protect our customers’ vital information and data,” says Epiphany Healthcare’s Product Manager of New Ventures, Eddie Hernandez.

Becoming ISO 27001 certified brings information security under management control, with clear guidelines being met. Some of the guidelines established to increase IT security cover responding to security events, employee onboarding/offboarding, mobile device management, office security, secure software development, ransomware and malware strategies, and more.

The investment in this certification, including man-hours, staff training, and registrar expenses, exceeded $300,000. Over 1,000 pages of documentation were either modified or created to meet the certification requirements. The outcome was a new IT management system ensuring that Epiphany Healthcare focuses on protecting the confidentiality and integrity of its data.

Epiphany Healthcare has focused on becoming ISO 27001 compliant to reduce the risks associated with increasing security threats. By applying standards and best practices of information security, Epiphany has strengthened its processes to enable better safeguards. Being ISO 27001 compliant enables Epiphany Healthcare to be better prepared in preventing any potential security incidents.

About Cardio Server:

Epiphany’s Cardio Server is a cost-effective, web-based management system that receives, manages, and exports diagnostic test results to the electronic medical records. Cardio Server is vendor-neutral and communicates with over 260 devices from over 80 vendors. Cardio Server provides easier integration since it accepts data from 23 different modality types such as ECG, PFT, stress, Holter, patient monitoring, and more.

About Epiphany Healthcare:

With over 950 hospital customers worldwide, Epiphany Healthcare is committed to serving its customers’ needs through product innovation, the delivery of exceptional service, and an unwavering dedication to improving clinical workflow. Discover why Epiphany is the preferred provider when managing multi-vendor, multi-modality diagnostic test data. For more information, please visit http://www.epiphanyhealthdata.com, follow Epiphany on Facebook (https://www.facebook.com/EpiphanyHealthcare/) Twitter (@epiphhealth), or Linkedin (http://www.linkedin.com/company/epiphany-healthcare).

Topics: Health IT, Healthcare Technology, cybersecurity

Security, Threats, and Bad Actors in Healthcare

Posted by Russ DeRemer on May 22, 2018 at 10:42 AM

From the desk of the President: Focus on cybersecurity 

The number of bad actors, the seriousness of damage, and the frequency of threats continue to increase in healthcare cybersecurity. Healthcare and medical devices are under attack. Managers must consider cybersecurity when maintaining and upgrading their medical devices.

Source: “Healthcare Ransomware, Data Breaches Represent Top Industry Threats” (from the 2017 HIMSS Cybersecurity Survey) by Elizabeth Snell; image credit Thinkstock.

75% of the 239 healthcare respondents said that their organization experienced a significant security incident in the past 12 months. Nearly all of those entities (96%) were able to identify the threat actor.

37% of healthcare respondents that experienced a security incident in the past 12 months said it was due to an online scam. 20% of those surveyed attributed the attack to a negligent insider, and another 20% said a hacker caused the issue.

55% of those surveyed said their organization has a dedicated or defined amount of the budget for cybersecurity needs.

The 2017 HIMSS Cybersecurity Survey Final Report found:

•  Patient Safety is the #1 Concern
•  Data Breach is the #2 Concern
•  Spread of Malware is the #3 Concern

Epiphany Healthcare customers have often, in the past, waited to upgrade their systems until their operating system or browsers reached end of life. This strategy may have been acceptable six or seven years ago. It is not today.

Today, our software has evolved with a tremendous focus on the escalating cybersecurity threats and is much more secure than the software deployed six or seven years ago, when the constant threat did not exist.

We contract with consultants to identify system vulnerabilities. Those vulnerabilities that can be patched are released as fixes for the current version. Vulnerabilities that cannot be patched are addressed in the next release. This is an ongoing process to keep up with the evolving security threats.

In summary, current versions of Epiphany’s Cardio Server are far more secure than versions from six years ago. Epiphany strongly recommends that every time you add a new module or feature, you include a software upgrade in your purchase. The software is included in your annual support agreement; you only pay for project management and technical engineering to implement the upgrade. It is the prudent course to take in today’s world.

Topics: Cardio Server security, security, upgrade, cybersecurity
