Healthcare organizations face an increasing threat from cyber attacks and hospitals are spending big to ensure their patients' data is protected. In 2017, healthcare spending on IT reached $100 billion and there were around 32,000 intrusion attacks per day on healthcare organizations, according to FortiGuard Labs, as reported by CSO.
Here are more than 125 companies focused on cybersecurity for hospitals, health systems and other healthcare organizations.
Contact Laura Dyrda to recommend a company for this list at ldyrda@beckershealthcare.com and Ryan Ciepley at rciepley@beckershealthcare.com.
Absolute (Vancouver, Canada). Absolute offers near real-time security breach remediation. The company's Absolute Persistence product, a self-healing endpoint security technology, provides IT personnel control over devices and data. Absolute's cloud-based visibility allows for remote IT asset management and security for healthcare providers, including support from its healthcare information security and privacy practitioners and ASIS-certified protection professionals.
Agari (San Mateo, Calif.). Agari allows companies to secure themselves and customers from advanced phishing attacks. The Agari Email Trust Platform helps healthcare organizations verify trusted email identities and stop threats of identity deception.
AlienVault (San Mateo, Calif.). AlienVault is the provider of Unified Security Management, a comprehensive approach to security monitoring, and the AlienVault Open Threat Exchange, an open threat intelligence community enabling collaborative defense with community-powered threat data. USM is designed to monitor cloud, hybrid cloud and on-premises environments.
AllClear ID (Austin, Texas). AllClear ID provides breach response and customer identity protection services. The company notifies customers in the event of identity theft and assigns a dedicated investigator to initiate any dispute processes, recover financial losses and restore credit reports to the pre-fraud state.
Arxan (San Francisco). Arxan offers application attack-prevention and self-protection products for the internet of things with mobile and desktop applications. The company aims to protect customers from financial loss, fraudulent transactions, stolen credentials and internet protocol theft. In the healthcare space, Arxan offers protection for embedded apps in medical devices.
Attivo Networks ThreatDefend (Fremont, Calif.). The ThreatDefend Deception and Response Platform is a powerful security control for an active defense, which provides early threat detection and changes the asymmetry against attackers. The Attivo Networks deception solution takes an innovative approach to detection by dynamically setting traps and lures to create a virtual hall of mirrors, altering an attacker's reality and imposing increased cost as they are forced to decipher what is real versus fake.
Auth0 (Bellevue, Wash.). Auth0 is a HIPAA-compliant service that healthcare organizations can use with their business associates when handling protected healthcare information. The company provides authentication for third-party business associates and ensures all data transfers are HIPAA-compliant. On May 15, the company announced $55 million in series D funding.
Axway (Phoenix). The Axway Amplify Platform is a data and engagement platform that can provide real-time operational intelligence and API lifestyle management. In the healthcare space, the Axway Amplify can help eliminate silos, overcome interoperability challenges, accelerate meaningful use and promote patient engagement with health information.
Barracuda Networks (Campbell, Calif.). Barracuda Networks offers solutions to solve IT problems including content security, networking and application delivery and data storage, protection and disaster recovery. The Barracuda Web Application Firewall provides secure access to patient portals while the Barracuda NextGen Firewall F secures network devices against persistent threats, malware and zero-day exploits.
Barrier1 (Minneapolis). Barrier1's Real-Time Intelligent Threat Management and the Advanced Analytics Reactive Engine platforms are designed to protect against security breaches. The technology inspects traffic type and dataflow to stop malware and viruses; analyzes the real time data flow; and inspects the network with multiple methods of authentication. The company's customers include hospitals, clinics and specialty providers with MRI and CT Scans from multiple hospitals and clinics.
Battelle (Columbus, Ohio). Battelle is a nonprofit research and development organization that includes a team of experts devoted to medical device cybersecurity. The team members, led by a certified ethical hacker, hacks into medical devices to help manufacturers identify vulnerabilities in the software, mitigate cybersecurity risks and help design new products.
Bayshore Networks (Bethesda, Md.). Bayshore offers solutions for a variety of cyber initiatives, including industrial asset visibility, cybersecurity protection and managed remote access. The company aims to help clients eliminate cyber threats and risks while preparing to achieve industrial internet of things maturity. In March, Bayshore announced a global engineering expansion with plans to open two new engineering centers of excellence in 2018.
BeyondTrust (Phoenix). BeyondTrust delivers cybersecurity solutions designed to reduce risks and act against internal and external data breach threats. The company offers an integrated risk intelligence platform to identify critical risks and provide information for the company. In the healthcare space, BeyondTrust's PowerBroker privileged account management solution enforces best practices; its Retina vulnerability management solutions allows the healthcare IT security team to identify exposure, analyze the business impact and conduct remediation.
BIO-key (Wall Township, N.J.). BIO-key offers biometric software and hardware solutions to strengthen user authentication. The company's products include finger scanning devices for authentication in addition to passwords, PINs tokens and cards for customers to secure their devices.
Biscom (Chelmsford, Mass.). Biscom is the leading provider of secure document delivery solutions for healthcare. The company’s secure file transfer (SFT), secure enterprise fax solutions, and cybersecurity consulting help some the country’s largest healthcare providers keep documents secure, information sharing compliant, and employees collaborating. Integrated with leading healthcare EHRs, Biscom brings the power of secure document sharing to systems including Epic and Centricity, decreasing the average time spent on document delivery by 40% - time providers can dedicate to focus on patient care. The National Institutes of Health, Cedars-Sinai, Dana Farber, Massachusetts General Hospital, and Boston Children’s Hospital rely on Biscom to securely transmit and share information, keeping confidential data protected.
Bitglass (Campbell, Calif.). The Bitglass Cloud Access Security Broker solution enables organizations to ensure security and regulatory compliance when using cloud apps. Founded in 2013, the company aims to protect corporate data on managed and unmanaged devices. Bitglass' platform can help healthcare professionals with multiple hospital affiliations access files on any device and maintain visibility and control of their data. In April, Bitglass partnered with Cylance to provide protection across cloud and mobile devices.
BlueCat (Grapevine, Texas). BlueCat centralizes and automates domain name server services so organizations can leverage the DNS data for increased visibility, control and compliance. The company takes a software-centric approach to information security and promotes interoperability to manage complex network structures. In the healthcare arena, BlueCat allows organizations to centrally manage and track wired and wireless networks and devices.
Bradford Networks (Boston). Bradford Networks' network entry solution is designed to continuously assess risks of all users and endpoints. The technology integrates with existing endpoint security, firewall and threat detection solutions through the SmartEdge Platform.
Bricata (Columbia, Md.). Bricata develops modern network intrusion detection and prevention solutions (IDPS) with network threat hunting capabilities. The core platform examines threats with three different detection engines looking for malicious signatures, behavior anomalies and zero-day malware or polymorphism. Bricata also captures important metadata about network transactions which provides the security operations center with a simple way to begin hunting for threats while providing important context in the event of incident response. Bricata works well with existing security applications, scales for large organizations, and provides an affordable solution for situational awareness as part of a layered security posture that reduces complexity and the time it takes to detect and remediate threats.
Bromium (Cupertino, Calif.). Bromium focuses on the global enterprise security market and its Bromium Secure Platform protects against all advanced malware. The company's solution can secure patient data and minimize breaches across the healthcare industry.
CA Technologies (New York City). CA Technologies works with healthcare organizations on digital transformation initiatives to prevent cybersecurity attacks while still providing streamlined access to authorized employees and partners. The company has worked with BlueCross BlueShield of Tennessee, Englewood, Colo.-based Catholic Health Initiatives and GlaxoSmithKline Vaccines in the healthcare space.
Centripetal (Herndon, Va.). Centripetal's core networking technologies are designed to simplify cyber intelligence collection and management to stop unwanted network traffic. The company's QuickThreat Gateway combines proprietary software and hardware to detect and enforce 5 million threat indicators. In 2017, Centripetal was named a Gartner "Cool Vendor" in security.
CI Security (Seattle, Wash.). CI Security provides Managed Detection and Response services, combining purpose-built technology with expert security analysts to perform full-cycle threat detection, investigation, response, and recovery. Forged in healthcare, CI Security’s technology platform, Security Operations Center, and Information Security consulting services help healthcare customers gain critical insight into their security posture.
CipherCloud (San Jose, Calif.). CipherCloud's comprehensive multicloud security platform integrates advanced data protection, adaptive policy controls, monitoring and cloud risk analysis to secure organizations in financial services, insurance and healthcare industries, among others. CipherCloud works with healthcare organizations, pharmaceutical companies and insurance providers to safeguard private health information while maintaining HIPAA compliance.
Citrix (Fort Lauderdale, Fla.). Citrix provides a secure digital workspace to unify apps, data and services necessary for productive organizations while allowing IT personnel to manage complex cloud environments. The workspace as a service company developed a platform for enterprise file synchronization and sharing with users across all business segments. The Citrix Windows apps solution allows healthcare organizations to securely deliver apps to diverse mobile devices including tablets and smartphones. The company's Enterprise Mobility Management Technologies provides security for bring-your-own-device environments.
Clearwater Compliance (Nashville, Tenn.). The American Hospital Association endorsed Clearwater Compliance as a leading provider of hospital and health system compliance and cybersecurity management solutions. The company has implemented systems in hundreds of hospitals and health systems, Fortune 100 organizations and the federal government. In January, Clearwater Compliance raised capital through an investment from Altaris Capital Partners.
Coalfire (Westminster, Colo.). Coalfire is the cybersecurity advisor that helps covered entities and business associates avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, compliance assessments, technical testing and cyber engineering services, the company secures health data throughout the care continuum. Coalfire is one of the original HITRUST CSF assessor firms with the experience required to efficiently manage successful certifications.
Code42 (Minneapolis). Code42 is a software as a service solution designed to back up distrusted end-user data on a secure platform. The company's software can protect files across Mac, Windows and Linux laptops and desktops automatically to limit risks and meet data privacy regulations.
Comodo (Clifton, N.J.). Comodo has more than 100 million installations of its security product in healthcare as well as other industries. Comodo's technology authenticates, validates and secures networks and infrastructures around the world, designed to solve advanced malware threats, both known and unknown.
CORL Technologies (Atlanta). Founded in 2012, CORL Technologies provides vendor security risk management solutions as part of the vendor risk management program. The program allows healthcare organizations to monitor vendor risk, ease compliance audits and improve executive-level communications and risk analytics reporting.
Cryptzone (Waltham, Mass.). Cryptzone focuses on identity-centric security solutions to protect information from internal and external threats. The company uses a software-defined perimeter model to protect applications and content from threats, which can also streamline operations and lower costs. In the healthcare space, Cryptzone's network, application and content solutions are designed to encrypt data, restrict access to private information and share documents in a HIPAA-compliant way.
Cybereason (Boston). Cybereason's platform can identify a single component of an attack and connect it to other information in the system to shut down the attacker's entire campaign. The platform is designed to quickly build the complex attack story and simplify the resolution process.
CyberSight (Carlsbad, Calif.). CyberSight is a cybersecurity intelligence platform that predicts, detects and stops cyberattacks before they happen. CyberSight’s RansomStopper software uses proprietary technology and machine learning to provide multi-layered defense against ransomware for home and business uses.
Cylance (Irvine, Calif.). Cylance is an artificial intelligence-driven endpoint detection and response solution designed to predict and prevent cyberattacks. The company's products are designed to secure the entire healthcare infrastructure, working across Microsoft Windows and Mac OS X to integrate with existing security information and event management platforms.
Cymmetria (Palo Alto, Calif.). Cymmetria develops comprehensive cyber deception solutions based on breadcrumbs and decoys to lead attackers away from targets. Founded in 2014, the company aims to change the asymmetry of cybersecurity to reduce the odds hackers are left vulnerable information.
CynergisTek (Austin, Texas). CynergisTek is a cybersecurity and privacy consulting firm. The company helps organizations assess privacy and security risk programs with regulatory requirements as well as develop best practices for risk management. CynergisTek was named Best in KLAS for Cyber Security Advisory Services in 2017.
DarkOwl (Denver). DarkOwl is an information security company specializing in darknet (or "dark web") intelligence. Founded in 2009, DarkOwl has built the world's largest commercially available database of darknet content. Its database allows clients to search the darknet without accessing it directly, which is both difficult and dangerous. The darknet platform also allows clients to passively monitor the darknet for their sensitive information, enabling near real-time awareness of any potentially breached information.
Dataguise (Fremont, Calif.). Dataguise provides a solution for global data governance, allowing organizations to detect, protect and monitor sensitive data in real time on the premises and in the cloud. Healthcare organizations can use the company's Hadoop product to streamline and analyze billing data to reduce costs and fraud incidents; digitize patient records; and incorporate sensor and internet of things health monitoring data.
DataMotion Health (Florham Park, N.J.). DataMotion Health enables providers to communicate more efficiently across the care continuum. DataMotion provides secure messaging and connectivity solutions to exchange protected health information for clinical use and to deliver improved care at reduced costs.
DB Networks (San Diego). DB Networks aims to protect databases from insider threats and cyberattacks. Founded in 2009, the company launched the first signatureless database cybersecurity product in 2013 and has received a patent for its approach to database protocol information extraction. Last year, the company launched its first artificial intelligence-based agentless database activity monitoring to protect against cyberattacks.
Digital Defense (San Antonio). Digital Defense's Frontline Vulnerability Manager is a service platform designed to scan for vulnerabilities and provide penetration testing for organizations. The company's Frontline Social Testing promotes security-minded behaviors among employees. Overall, the company aims to safeguard data and ease burdens associated with maintaining information security.
DomainTools (Seattle). DomainTools examines network indicators and connects them with other active domains to develop risk assessments, identify attackers, assist in fraud investigations and map cybersecurity activity to attacker infrastructure. The company works with U.S. government agencies and contracts in addition to companies in the financial and healthcare space.
Duo Security (Ann Arbor, Mich.). Duo Security aims to secure organizations that operate in the cloud and manage a bring-your-own-device environment. Duo is a software as a service company that orchestrates two-factor authentication to help healthcare organizations maintain and share information in a HIPAA-compliant fashion. In May, the company launched a cybersecurity website called Decipher.
The Electronic Healthcare Network Accreditation Commission (Farmington, Conn.). Founded in 1993, the Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include ACOs, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, HIEs, HISPs, management service organizations, medical billers, outsourced service providers, payers, PMS vendors and third-party administrators. In addition to being an authorized HITRUST CSF Assessor, EHNAC currently has and supports 18 accreditation programs which include a set of common cyberhealth security baseline criteria, and are augmented by stakeholder sector-specific criteria that address the requirements unique to that sector.
eSentire (Cambridge, Ontario). eSentire is a pure-play managed detection and response service provider that protects organizations from the constantly evolving cyberattacks technology alone can't prevent. The company provides a 24-7 security operations center staffed by analysts to investigate and respond to threats in real time.
ESET (Bratislava, Slovakia). ESET was founded as an antivirus protection company and has expanded to include security solutions for customers in more than 200 countries. ESET's solution for healthcare companies protects against data breaches and can be deployed across multiple operating systems and endpoints.
EnSilo (San Francisco). EnSilo provides a comprehensive endpoint security platform to automatically respond to and eliminate complex security issues. The system also provides post-attack protection to avoid data theft or ransom. For healthcare organizations, the company's real-time endpoint security platform protects sensitive data in compliance with HIPAA standards.
Exabeam (San Mateo, Calif.). The Exabeam Security Intelligence Platform provides security intelligence and management solutions. Exabeam's platform can detect and respond to insider threats, track behavior analytics, protect against data loss, conduct breach investigations and report on data security compliance. The company earned SC Magazine's 2017 Best Emerging Technology award and was a finalist in the Cybersecurity Excellence Awards in 2017 for security analytics and threat hunting categories.
ExterNetworks (Piscataway, N.J.). ExterNetworks is a pioneer in Managed Technology Services with over 17 years of experience in providing end-to-end solutions featuring design, deployment and 24/7/365 support to top IT companies. With more than 500 unrivaled top employees and 1000+ field technicians, the company aims to eliminate all your managed services worries by deploying the solution in a jiffy.
FireMon (Overland Park, Kan.). FireMon's Security Management Platform seeks to improve security while reducing operational costs through analytics, simulation and automation. The company focuses on protecting cloud-bound enterprises with next-generation security intelligence.
Flexera Software (Itasca, Ill.). Flexera Software aims to help enterprises and application producers increase application usage and security. The company has more than 80,000 customers in a variety of industries. Flexera's FlexNet Producer Suite is designed for intelligent device manufacturers as an end-to-end solution for software licensing, entitlement management and device lifecycle management.
ForeScout (Cupertino, Calif.). ForeScout's approach to security protects organizations against emerging threats with the ForeScout CounterACT. The company's technology assesses, remediates and monitors devices continuously and works with disparate security tools to accelerate incidence response. More than 2,400 customers in 60 countries use ForeScout technology for network security and compliance. Healthcare organizations use the technology to secure agentless medical devices and mobile computing against cyberattacks.
ForgeRock (San Francisco). ForgeRock is a digital identity management company that works with organizations to adopt the ForgeRock Identity Platform. The platform allows healthcare providers to create secure digital identities for patients and collects data from apps, wearables and digital health and wellness services. In May, the company joined Philips, Qualcomm Life and others on a collaborative effort to enhance data from medical devices under the name OpenMedReady.
General Dynamics IT (Fairfax, Va.). General Dynamics IT's cybersecurity operations provide service support to select the best security systems, develop data protection policies and monitor their networks. The company provides cybersecurity for the Department of Defense, local and state governments and select commercial customers. The company provides its full security services in the General Dynamics Health Solutions package to secure hospitals' systems and protect information.
GigaTrust (Herndon, Va.). Founded in 2000, GigaTrust provides security software to protect emails and attachments, documents, administrative oversight and compliance tools. The company provides a software as a service secure document rendering experience inside and outside of an enterprise's network.
Globalscape (San Antonio). Globalscape was founded in 1996 and since then has grown to provide information exchange software and services to more than 13,000 customers in more than 150 countries. The company focuses on providing secure data transfer through its managed file transfer platform for on-premises, cloud or hybrid deployments. Globalscape also offers electronic funds transfer for healthcare organizations including secure and compliant data management, data integration, automation management, workflow management and real-time activity monitoring and tracking.
GreyCastle Security (Troy, N.Y.). GreyCastle Security is a risk management company with cybersecurity capabilities. The company provides a team of cybersecurity experts, a client portal to view cybersecurity efforts, custom security roadmaps, an incident response team and an account manager to maximize the cybersecurity program. The company also provides HIPAA risk assessments, 24/7 breach and incident response, HIPAA security training and policy development. In June, GreyCastle Security acquired EagleDream Technology's cybersecurity division, adding to the company's footprint in Rochester, N.Y., where 10 of the company's 75 experts are located.
GuardiCore (San Francisco). GuardiCore focuses on data center innovation and cloud security to deliver accurate and effective solutions to stop advanced threats. The company's real-time breach detection and response software was developed by cybersecurity experts to fight attacks in an organization's data center.
Gurucul (Segundo, Calif.). Companies around the globe use Gurucul technology to detect insider threats, cyber fraud, internet protocol theft and external attacks. The company's technology includes user behavior analytics and identity access intelligence that includes machine learning anomaly detection and predictive risk-scoring algorithms to prevent unnecessary access and breaches.
Haystack Informatics (Philadelphia). Haystack Informatics was founded out of the Children's Hospital of Philadelphia to provide solutions for monitoring patient privacy. Haystack professionals analyze interactions between hospital staff and patients to identify privacy violations and security risks. The team uses multiple detection engines to identify inappropriate behavior and reinforces employee training in privacy matters.
HID Global (Austin, Texas). HID Global provides identity security solutions to governments and hospitals as well as educational and financial institutions. The company provides information security solutions to hospitals, mobile device use, visitor management and HIPAA-compliant medical record security and also gives suppliers secure access to the appropriate data.
HITRUST Alliance (Frisco, Texas). HITRUST Alliance is a nonprofit organization leading advocacy efforts and educational support to safeguard healthcare information and manage risk. HITRUST was founded in 2007 to protect health information systems and exchanges, providing access to common risk and compliance management, de-identification frameworks and related assessment and assurance methodologies.
Hortonworks (Santa Clara, Calif.). Hortonworks creates and supports enterprise-ready open data platforms and modern data applications. Founded in 2011, the company provides services to Oracle, Microsoft and Red Hat, a multinational software company.
Iatric Systems, Inc. (Boxford, Mass.). Iatric Systems helps healthcare organizations monitor and protect patient privacy with four-time KLAS Category Leader, Security Audit Manager™. Building on 15 years of insights and more than 1,000 implementations of Security Audit Manager, Security Audit Manager iQ™ utilizes machine based learning to help you eliminate false positives, automate detection of inappropriate activity and alert your team when serious incidents occur. Additional solutions in our privacy and security portfolio enable hospitals to maintain regulatory compliance, manage workflow to perform due diligence with third-party relationships, and ensure secure remote access to your networks.
Impact Advisors (Naperville, Ill.). Impact Advisors is a nationally recognized healthcare information technology consulting firm that is solving some of the toughest challenges in the industry by delivering strategic advisory, implementation and optimization - including cybersecurity advisory and operations services - to the nation’s leading health care organizations. Impact Advisors recognizes the increasingly sophisticated and persistent cyber-attacks the healthcare industry faces and has developed a suite of security, privacy, and regulatory offerings aimed at reducing the likelihood and improving the response actions against such attacks. The firm has been recognized as a top-ranking supplier for cybersecurity advisory and consulting services in Black Book’s Annual Cybersecurity Survey.
Imprivata (Lexington, Mass.). Imprivata, the healthcare IT security company, provides healthcare organizations globally with a security and identity platform that delivers ubiquitous access, positive identity management, and multifactor authentication. Imprivata enables healthcare securely by establishing trust between people, technology, and information to address critical compliance and security challenges while improving productivity and the patient experience.
Interset (Ottawa, Ontario). Interset's platform can correlate multiple data classes and link security events to users, machines, applications and files to identify threats and remove false positives. The technology is designed to stop sensitive data theft. Interset has partnered with Toledo, Ohio-based Promedica; Huntington, W.Va.-based Valley Health System; and San Francisco-based Dignity Health, among other healthcare providers.
Ixia (Calabasas, Calif.). Ixia was founded in May 1997 to provide testing, visibility and security solutions for governments, service providers and network equipment manufacturers. The company helps customers manage IT and protect against security threats with technologies for mobile devices, cloud security, internet of things management and improved network visibility.
Liberty Investigation Forensic and Response Services (New York City). LIFARS is a global digital forensics and cybersecurity intelligence firm that provides cybersecurity solutions. The company conducts digital forensic investigations, incidence response services, web application security testing, digital risk assessments and academic research to optimize an organization's digital infrastructure.
LookingGlass Cyber Solutions (Reston, Va.). LookingGlass Cyber Solutions protects global enterprises and government agencies against cyberattacks. The company provides healthcare organizations with a team of analysts through its Threat Intelligence Analysis and Management system to identify potential security threats, analyze multiple threat factors and indicators as well as develop a plan to mitigate threats in real time.
McAfee (Santa Clara, Calif.). Simply put, McAfee creates affordable solutions that make the world of Healthcare a safer place. They’ve had a dedicated healthcare team over a decade. Who better to understand every facet of securing healthcare? The McAfee approach to providing orchestrated security has become the de facto standard for enterprise security — with solutions to protect the entire infrastructure — endpoints, network, web, mobile and embedded devices, and cloud. Healthcare IT counts on McAfee to help deliver proactive protection, complete security integration, unrivaled automation, and industry leading TCO.
MedCrypt (Encinitas, Calif.). MedCrypt provides application programming interfaces to encrypt data sent from devices and allows customers to assign unique keys to every actor in the system and monitor what devices are doing remotely in real time. After installation in the device, MedCrypt Nodes communicates with the company's centralized transaction monitoring service to look for anomalous behavior. In March 2018, MedCrypt won the HIMSS Venture Connect startup prize.
Meditology Services (Atlanta). Meditology Services provides consulting and management advisory to large hospitals and healthcare organizations across the country. Meditology's experts in IT risk management and healthcare IT consulting focus on assessing and developing security and compliance programs.
MedSec (Miami, Fla.). MedSec is the leading vulnerability research and security solutions provider for healthcare manufacturers, vendors, and providers. Established in 2015, MedSec was the first cybersecurity organization formed exclusively to serve the healthcare industry. MedSec brings cutting edge security services, solutions, and products to healthcare manufacturers and providers. Its researchers have deep technical background in the military, technology, and telecommunications fields. Capabilities include Device Cybersecurity Risk Assessment; Penetration Assessment; and System Design Review.
MicroSolved, Inc. (Columbus, Ohio). MicroSolved is a 26 year old cyber security company that performs cyber security medical device testing, medical application assessments against HIPAA standards, organizational risk assessment and passive network mapping/segmentation.
Menlo Security (Palo Alto, Calif.). Menlo Security's Isolation Platform contains and eliminates malware while giving a completely native experience. The company's platform uses the isolation model to ensure malware doesn't reach the endpoint to access patient data at hospitals, allowing administrators to expand internet capabilities without risking data security issues.
Merlin International (Vienna, Va.). Merlin International is a leading provider of next-generation cybersecurity solutions that protect government and commercial organizations. Merlin offers a broad portfolio of solutions that secure the enterprise from end points to networks, from governance to risk management, from infrastructure to information. Combining solutions with deep industry expertise and experience, Merlin delivers the cybersecurity solutions that organizations need to protect their most critical business assets, while furthering their mission.
Microsoft (Redmond, Wash.). Microsoft invests more than $1 billion in security research and development each year and created the Microsoft Enterprise Cyber Security Group to develop solutions for Microsoft customers. The company opened its Cyber Defense Operations Center in 2015 and works with healthcare organizations' C-suites to support a culture of cybersecurity.
MicroStrategy (Washington, D.C.). MicroStrategy provides enterprise analytics and mobility software to clients worldwide. Healthcare organizations use MicroStrategy's enterprise solution to boost operational efficiency, expand businesses and improve the quality of care and patient experience. The company's healthcare solutions focus on supply chain management, revenue cycle optimization, hospital operations, population health management and claims analysis.
Mimecast (Lexington, Mass.). Mimecast makes business email and data safer for customers worldwide. Founded in 2003, the company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management. With Mimecast healthcare organizations can respond to industry risks by safeguarding protected health information, preventing advanced attacks like ransomware, archiving email and keeping employees connected during a mail server outage. Mimecast also met healthcare privacy regulations by completing a HIPAA security compliance assessment.
NCC Group (Manchester, United Kingdom). Formed in 1999, NCC Group provides expertise in cybersecurity and risk mitigation. The company has more than 35 offices and 15,000 clients worldwide, providing a variety of services including internet of things consultancy.
NetScout (Westford, Mass.). NetScout's Adaptive Service Intelligence optimizes a hospital's analytics platforms to identify signs of outages in the hospital's network before they occur to diagnose and repair the issues quickly. The technology could prevent issues with a surgical robot powering down in the middle of surgery or video screens going dark during a procedure.
Netskope (Los Altos, Calif.). Netskope has a patented cloud-scale security platform designed to provide governance of all cloud usage while allowing real-time access to updates from the corporate network, remotely or from mobile apps. The company works with Oakland, Calif.-based Kaiser Permanente among other healthcare clients to protect against threats in the cloud and detect unusual data movement or activity.
Netwrix (Irvine, Calif.). Netwrix Auditor, a visibility platform for data security and risk management, provides clients with security analytics to detect anomalies in user behavior and investigate threat patterns. The Netwrix Auditor's solutions are HIPAA compliant.
Nexthink (Switzerland). Nexthink's Nexthinker is designed to help organizations reduce health information breach incidents and improve security and compliance. In the healthcare space, Nexthink helps institutions secure protected health information, ensures HIPAA compliance, reduces risk for HITECH penalties and facilitates bring-your-own-device adoption for physicians and clinicians.
NTT Security (Ismaning, Germany). NTT Security offers security, risk and compliance services to help organizations meet immediate challenges in data security. The company's technology solutions team works alongside consulting services to give advice on the appropriate solutions for risk management.
Okta (San Francisco). Okta's IT products use identity information to grant access to applications on any device at any time while enforcing strong security protections. The platform connects companies to customers and partners securely. Okta works with CMS, New York City-based Mount Sinai Health System and Nashville, Tenn.-based Envision Healthcare, among other healthcare customers, to provide adaptive multifactor authentication and HIPAA-compliant cloud identity solutions.
OneSpan (Oakbrook Terrace, Ill.). With more than 10,000 customers in 100 countries, OneSpan, formerly VASCO, provides security access to online information with two-factor authentication, transaction data signing, e-signature and identity management solutions. In the healthcare space, the company can secure protected health information in EHRs, protect electronic prescriptions and safeguard against unauthorized manipulation of mHealth apps.
OPSWAT (San Francisco). OPSWAT focuses on technologies to protect clients against cyberattacks. The company's solutions secure and manage IT infrastructure by scanning for known threats with anti-malware engines and sanitizing documents to prevent unknown threats.
Oracle Dyn Web Application Security (San Francisco). Formerly Zenedge, Oracle Dyne Web Application Security Services provides security professionals with the tools and expertise needed to defend websites, systems and applications from cyber security threats. The company uses adaptive machine learning and automation to combat cyber attacks proactively. The application's suite includes a bot manager, malware protection and application program interface protection.
Osirium (Theale, United Kingdom). Osirium's software development team aims to fill the virtual air gap for privileged account access. The company was founded in 2008 and focuses on cybersecurity and hybrid-cloud automation technology as well as privileged protection and task-automated solutions.
Ostendio (Arlington, Va.). Ostendio serves primarily healthcare clients, including WellDoc, the American College of Cardiology and Higi. The company's MyVCM Cybersecurity and Information Management platform uses behavioral analytics to drive employee and vendor engagement. Ostendio's solution manages all aspects of security and allows organizations to report their security profile to internal and external stakeholders.
PhishLabs (Charleston, S.C.). PhishLabs is a 24/7 service that protect organizations against cyberattacks targeting employees or customers. Founded in 2008, the company provides a full range of services to detect attacks, identify attack operations and mitigate underlying infrastructure to stop the threat. The company also provides services and training specific to protecting patient and healthcare provider information. In May, PhishLabs merged with BrandProtect, a threat intelligence and mitigation solutions provider.
Praetorian (Austin, Texas). Praetorian's solutions aim to identify and solve cybersecurity problems enterprisewide. The company's technical engineers and developers offer security expertise to minimize risk across digital assets. Praetorian offers corporate and product security solutions unified through its software platform. In the healthcare space, the company works with medical device manufacturers to identify and address vulnerabilities.
Prevalent Networks (Warren, N.J.). Prevalent Networks focuses on risk management through a product suite focused on automated vendor risk assessment, continuous vendor threat monitoring and vertical vendor networks. Healthcare organizations can use Prevalent Vendor Risk Management to better manage and monitor third- and fourth-party business associate risks.
PriorityOne Group (Rutherford, N.J.). PriorityOne Group manages, implements and provides integrated IT services to healthcare organizations in and around Bergen County, N.J. The company focuses on guiding providers, including ASCs, through HIPAA compliance, product integration and technology acquisition.
Proficio (Carlsbad, Calif.). Proficio provides always-on cybersecurity protection and services to help customers detect and respond to or prevent security breaches. For healthcare industry clients, the company provides round-the-clock managed security services to protect confidential patient information and maintain HIPAA compliance.
Promisec (Boston). Promisec is an endpoint system, software asset management and compliance company that aims to help organizations avoid cyberthreats and attacks that lead to data breaches. The company's technology provides secure endpoints and clean audits to meet regulatory compliance standards.
Protegrity (Stamford, Conn.). Protegrity aims to develop solutions to protect data throughout its lifecycle without disrupting workflow. The company can provide security across big data clusters, cloud environments, databases and mainframes. The Protegrity data security platform can protect sensitive healthcare data through tokenization and encryption technologies.
Prot-On (Spain). Prot-On provides a solution to protect files, decide who has access to files and track file activity. Healthcare organizations use Prot-On to securely store and communicate patient and prescription information as well as share health records with patients.
Protenus (Baltimore). Protenus' platform proactively monitors and protects patient privacy in EHRs. The company's technology uses artificial intelligence to understand how the workforce accessed patient records in the EHR.
Pulse Secure (San Jose, Calif.). Pulse Secure provides secure access solutions to enterprises and service providers. The company's virtual private network, network access control and mobile security products are designed for data security. In the healthcare space, Pulse Secure provides medical-grade network visibility and control solutions to support a bring-your-own-device environment and can ensure security for the internet of things.
Risk Based Security (Richmond, Va.). Risk Based Security focuses on risk identification and security management tools to protect a variety of clients, including drug companies and healthcare providers. Founded in 2011, the company offers a full set of analytics and dashboards designed to identify security risks by industry. The company provides several HIPAA- and HITECH-compliant solutions for protecting patient data.
RiskIQ (San Francisco). RiskIQ focuses on digital threat management, offering the RiskIQ Community Edition giving security analysts free access to the company's solutions within a collaborative online environment. RiskIQ provides a comprehensive digital threat management platform for healthcare providers to audit, discover, monitor, investigate and mitigate threats.
RiskSense (Albuquerque, N.M.). RiskSense focuses on reducing cyberattacks and security risks. Cybersecurity practitioners founded the company as a spin-off of New Mexico Institute of Mining and Technology in Socorro, which originally conducted research as a service project. Since then, the company has developed to advise the Department of Defense and intelligence community and create the RiskSense platform. The company also partners with healthcare organizations that have limited resources to protect against cyberattacks.
Rogue Wave Software (Boulder, Colo.). Founded in 1989, Rogue Wave has grown into a global company focused on cross-platform software development tools and embedded components. The company provides life science and medical companies with necessary tools and consulting expertise to accelerate the time it takes to bring their devices to market as well as achieve accurate and reliable results.
Rsam (Secaucus, N.J.). Rsam sets the foundation for enterprise risk management and includes intuitive templates to deploy in complex situations. The company offers audit management, compliance, risk management, security incident response and vendor risk management, among other services. In the healthcare space, Rsam delivers a comprehensive risk assessment tool and establishes repeatable and consistent processes to support compliance and an enterprisewide incident management program.
Rubicon Labs (San Francisco). Founded in 2012, Rubicon Labs' Zero-Knowledge Platform provides abstract key management services. The company's authorization capabilities, device security services and software can secure physicians' devices as well as medical devices to prevent hacking.
SailPoint (Austin, Texas). SailPoint’s identity governance platform provides healthcare organizations visibility into user access and transparency into who has access to what. Large healthcare providers now have more than a billion points of exposure to data breaches, mostly tied to the identity of individual employees and third parties. SailPoint provides a way of managing these points of exposure with the power of identity.
Seclore (Sunnyvale, Calif.). Seclore focuses on document protection to allow organizations to collaborate securely. Pharmaceutical companies can use Seclore's offerings to secure and govern their internet protocol and other confidential assets. The company's electronic digital reference model provides patient protection from product dossiers, unauthorized access and issues related to file sharing.
SecureAuth (Irvine, Calif.). Founded in 2005, SecureAuth focuses on authentication to ensure all entities attempting to access data are known and verified. The company's technology offers flexible identity access control solutions to protect virtual private network, on-premises, cloud, mobile and homegrown applications. For healthcare organizations, SecureAuth protects electronic prescriptions and protected health information in a HIPAA-compliant way.
SecureMySocial (New York City). SecureMySocial technology scans social media use and warns organizations about activities that expose them to risk in real time. The platform prevents information breaches and data leaks on social media. In May, the company was named to 2018 Cyber Security 500 list.
Sedara (Buffalo, N.Y.). Sedara is a managed security service provider with clients across the U.S. The company manages network security for clients and ensures regulatory compliance, including HIPAA compliance, for organizations across the spectrum. The company provides continual data monitoring and alert systems to identify and defeat hack attempts. In 2017, Sedara partnered with The Bonadio Group, a New York-based independent cybersecurity and compliance services provider.
SentinelOne (Palo Alto, Calif.). A group of international defense and intelligence experts founded SentinelOne to tackle cybersecurity issues with a new endpoint protection approach. The company's platform is certified as an antivirus preplacement. The SentinelOne Endpoint Protection Platform can monitor all endpoints accessing HIPAA-sensitive information and protect health information and can also predict advanced attacks and automate the threat response process.
Shape Security (Mountain View, Calif.). Shape provides protection against web and mobile cyberattacks to corporations around the world. The company is focused on protecting against high traffic and mobile application attacks. In the healthcare space, Shape Security can protect against distributed denial-of-service attacks and keep the organization's website running.
Sherlock Cloud Security (Portland, Ore.). Sherlock is a cloud-native security platform that uses automation and machine learning to protect your network with unparalleled speed and scalability. Sherlock is a complete virtual Security Operations Center (SOC), with 24x7x365 monitoring and management from a US-based team of security experts. Sherlock’s unique deployment approach ensures your data never co-mingles with any other entity. This helps accelerate compliance with HIPAA, ISO 27001, PCI, GDPR, and more.
Silverfort (Boston, Mass.). Silverfort enables healthcare organizations to protect all systems and data by adding strong adaptive authentication across all systems, including PACS, EMR, and other healthcare systems. Using Silverfort organizations can seamlessly add MFA to systems without installing software on servers or user devices, and without complex integrations or configurations.
Skybox Security (San Jose, Calif.). Skybox is a privately held cybersecurity management company established in 2002. Skybox's security platform uses firewall and network device data to detect vulnerabilities, and its powerful attack vector analytics can reduce response times for greater network control. The company covers more than 2,000 enterprises globally, including Delta Dental, Neptune, N.J.-based Meridian Health System and eHealthInsurance in the healthcare sector.
Spirion (Irvine, Calif.). Spirion provides enterprise data management software to minimize risks, costs and reputation damage associated with cyberattacks. The company's platform is designed to identify, classify and monitor personal information, medical records, credit card numbers and other intellectual property.
Stratiform (El Segundo, Calif.). PCM acquired Stratiform in January 2017. Stratiform is a cloud IT solutions provider with consulting, professional and managed services. The company specializes in Microsoft cloud technology and post-acquisition Stratiform plans to grow in the U.S. and Canada.
Swimlane (Louisville, Colo.). Swimlane is a security and operations management platform with the capability to centralize security alerts and automate attack response. The company provides security automation and orchestration to unify, analyze and resolve alerts from the organization's existing security tools and provide analysts with threat intelligence. The company's solution can also gather security metrics and generate reports on cybersecurity efforts.
Swivel Secure (West Yorkshire, United Kingdom). Founded in 2001, Swivel Secure's AuthControl Sentry authentication platform allows organizations to tailor authentication requirements according to individualized security policies. Earlier this year, the company expanded their global partner program concentrating efforts on the United States.
Sword & Shield (Knoxville, Tenn.). Sword & Shield is a holistic information security provider with solutions to evaluate, remediate and monitor data security. The company also provides consultants to assist in all aspects of the security and compliance lifecycle, including HIPAA compliance. The company's team of experts makes recommendations to increase HIPAA compliance with the HIPAA Security and Privacy kit.
Synopsys (Mountain View, Calif.). Synopsys is a software partner for companies around the world, focused on electronic design automation and semiconductor internet protocol. The company works with healthcare organizations to address cybersecurity risks for personal patient information and medical device hacking.
Symantec Corporation (Mountain View, Calif.). As the world’s leading cyber security company, healthcare organizations look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Symantec operates one of the world's largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. With a 10 year running dedicated healthcare practice, Symantec is active in multiple healthcare IT associations, and has received industry recognitions and awards, most recently as a Best in KLAS Category award winner for Data Loss Prevention (DLP).
Tanium (Emeryville, Calif.). Tanium's solution for hospitals and health systems provides complete visibility across managed and unmanaged endpoints to improve security hygiene. The tool allows users to ask a simple or complex question of any or all endpoints and receive a response directly from all endpoints within 15 seconds. Tanium can also collect data from third-party endpoint agents to bring multiple security and IT operations under one platform, which can help streamline operations and reduce costs.
ThreatMetrix (San Jose, Calif.). The ThreatMetrix Digital Identity Network is designed to inspect digital transactions across applications, devices and locations in real time. The company also provides online fraud prevention and can pinpoint suspect behavior and fraud attempts before damage is done. The company also provides authentication for patients, payers and physicians logging into the system.
TraceSecurity (Baton Rouge, La.). TraceSecurity is a leading provider of cybersecurity and compliance solutions that help organizations of all sizes reduce the risk of cyber breaches and demonstrate compliance. With a combination of software and services, TraceSecurity can help organizations manage their information security program and supplement it with third-party validation.
TrapX Security (San Mateo, Calif.). TrapX Security's TrapX DeceptionGrid allows customers to send "traps" that impersonate systems and devices, responding like attackers in the real world, to fool and entrap attackers. Sending out multiple traps alongside real systems and devices ensures the system can identify and contain attackers before any damage is done. The technology can detect sophisticated attackers and provide real-time forensics and analysis for the hospital's security operations team to take immediate action.
Trend Micro (Irving, Texas). Trend Micro is a global cybersecurity company providing solutions for consumers, businesses and governments. The company's XGen solution was developed to help healthcare organizations improve security before, during and after attacks.
TrustPoint Solutions (Suwanee, Ga.). TrustPoint Solutions provides IT transformation, disaster recovery and security services to healthcare organizations. The TrustPoint team provides strategic advisory, planning and implementation services to help clients leverage their IT investment.
Trustwave (Chicago). Trustwave currently works with more than 3 million businesses to protect data and reduce security risks. The company provides a flexible portfolio of services to healthcare organizations designed to protect their specific infrastructure, networks and data while remaining HIPAA and HITECH compliant.
Tufin (London, U.K.). Tufin's security policy orchestration solutions streamline security policy management across complex, heterogeneous organizations. The company's technology alliance program partners with industry leaders to integrate the Tufin Orchestration Suite with their existing solutions.
Untangle (Sunnyvale, Calif.). The Untangle NG Firewall is designed as a single, modular platform that clients can run on their own hardware or as a virtual machine. Untangle helps the healthcare industry comply with HIPAA and HITECH through granular controls over who has access to the data.
Varonis (New York City). Varonis' platform collects, stores and analyzes metadata in real time to protect data from cyberattacks. Organizations can monitor their unstructured data using the company's platform. Varonis specializes in protecting file and email systems storing spreadsheets, word processing documents, presentations and audio and video files that contain sensitive information. The company also offers a HIPAA compliance crash course.
Venafi (Salt Lake City). Venafi's platform pinpoints machine identity weaknesses and automatically makes updates to lower security risks. The company's platform is designed to help healthcare organizations better secure keys and certificates against privacy breaches by strengthening the cryptology.
Vera (Palo Alto, Calif.). Vera aims to protect data with strong encryption on any device without changing the existing workflow. The company's data-centric security solution is designed for collaboration while ensuring a high level of security, visibility and control. Vera includes HIPAA-compliant verticals for healthcare providers as well as pharmaceutical companies to secure intellectual property and trial data.
Virtru (Washington, D.C.). Virtru's products allow businesses and individuals to control access to emails, documents and data regardless of where the files are shared. In the healthcare space, the company's technology allows providers to share HIPAA-compliant emails and attachments, automatically identifying and encrypting personal health information. The company focuses on business privacy and data protection for more than 5,000 organizations worldwide. In May, the company closed a $37.5 million series B investment.
WhiteHat Security (Santa Clara, Calif.). WhiteHat Security focuses on securing web applications and delivering solutions to reduce the risk of cyberattacks. Healthcare providers use the company's technology as well as expertise to deploy secure applications and websites, as well as third-party apps.
WinMagic (Mississauga, Ontario). WinMagic is a data security solutions company that secures data where it's stored and provides enterprise-grade data encryption and key management policies across an organization's operation systems. In the healthcare space, the company's platform encrypts patient data and takes steps to ensure there won't be a compliance breach.
Wombat Security, a division of Proofpoint (Pittsburgh). Founded in 2008, Wombat Security received funding from the National Science Foundation and Department of Defense to develop a suite of cybersecurity software training and filtering technologies. The company evolved its provider awareness and training software to support clients' efforts to teach secure behavior. In February 2017, the company expanded its healthcare security awareness training program to include ransomware training. Wombat Security was acquired by Proofpoint in March of 2018.
Zenedge (Aventura, Fla.). Zenedge offers security for web applications and networks. The company's platform stops malicious bot traffic and distributed denial-of-service attacks and offers ongoing monitoring and security updates. The company's cybersecurity platform includes an artificial intelligence engine and advanced bot mitigation and management. Zenedge's cybersecurity solution can protect medical records and health information.
Zix (Dallas). Zix protects business communications through email encryption. The company's solutions support around 15,000 businesses and 1,200 U.S. hospitals with email encryption, data loss prevention and bring-your-own-device security. In April, Zix acquired Seattle-based Erado, a provider of archiving, supervision, eDiscovery and analytics for the financial sector.