SEATTLE – JULY 30, 2020 – ExtraHop, the leader in cloud-native network detection and response, today announced independent validation of its Health Insurance Portability and Accountability Act (HIPAA) policies, procedures, and technology, conducted by third-party assessor CoalFire.
The urgent shift to teleworking, an accelerated move to the cloud, and an influx of security attacks on vulnerable systems have driven healthcare organizations to reassess priorities to ensure they can detect and stop breaches in the ever-evolving threat landscape. Health organizations can now easily utilize ExtraHop Reveal(x) for broad visibility into every device accessing the network, streamlined threat hunting, and detection of often-missed threats that move laterally in the east-west corridor.
The assessment of ExtraHop Reveal(x) for HIPAA was conducted and verified by CoalFire, a third-party assessment firm, to help healthcare organizations satisfy their compliance requirements including the Breach Notification Rule as formalized by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Omnibus Rule of 2013. Compliance with these standards confirms to healthcare organizations that the administrative, physical, technical and organizational regulations and procedures of ExtraHop Reveal(x) meet HIPAA requirements.
"Our commitment to our healthcare customers requires us to hold ourselves to the highest standards and passing the HIPAA assessment is one step on that journey," said Jeff Costlow, Deputy CISO at ExtraHop. "All organizations are under great pressure to ensure they don't get breached and network detection and response is proving to be critical to this effort for healthcare organizations."
In addition to HIPAA, ExtraHop Reveal(x) maintains a comprehensive set of compliance standards and certifications to ensure the highest level of security and privacy assurance for customers around the globe, including:
- NIST CSF and NIST SP 800-53 — ExtraHop's information security policy is based on the NIST Cybersecurity Framework, which offers standards, guidelines and best practices to manage cybersecurity risk.
- SOC 2 and SOC 3 — These are third-party audits of a company's processing controls pertaining to consumer data.
- General Data Protection Regulation (GDPR) — This law is intended to improve the privacy, security, and transparency in the use of personal data for European citizens.
- US Privacy Shield — This is a framework offering a way for US companies to comply with GDPR.
To learn more about how ExtraHop works with healthcare organizations, visit: https://www.extrahop.com/solutions/industry/healthcare/. To learn more about ExtraHop compliance and certifications, visit: https://www.extrahop.com/compliance/.