Promise to customers: high usability and ePHI/HIPAA protection

When clients asked for increased protected health information (PHI) security, MedNet took the opportunity to go even further. They set their minds to finding a solution that would strengthen security for PHI and HIPAA compliance and streamline their overall security processes—all as they migrated to the cloud.

MedNet’s customers require absolute data privacy. For nearly 20 years, MedNet has been supporting clinical research initiatives for partners worldwide who work with highly sensitive information in biotech, pharmaceuticals, medical devices, and animal trials. MedNet’s electronic data capture (EDC) product, iMedNet, is the customer favorite of the e-clinical technology platforms MedNet offers. It helps science and healthcare professionals and clinical trial services securely utilize highly sensitive data from pre-clinical through phase IV studies. Among favorite features are high usability and configurability wherever customers are based.

The challenge for MedNet was to balance iron-clad confidentiality around PHI with a high level of usability for their EDC.

PHI protection + HIPAA & Client data

To increase the usability of their EDC, iMedNet would migrate to AWS. MedNet needed the ability to totally monitor and secure iMedNet in the cloud, even as it grew in users or varied in traffic. Risk-savvy clients requested a Web Application Firewall and API protection for protection and assurances about data privacy.

Several WAF competitors met the requirements but required the traffic to be routed through their proxy servers. The catch was routing through their proxy servers required the execution of a BAA agreement and incurred higher costs.

MedNet decided to test a WAF built for AWS by Wallarm. It wasn’t the most obvious or expensive solution at the start. But it met their criteria. The right security solution would:

• Protect customer PHI
• Advance and streamline HiPAA compliance
• Keep the business pipeline moving swiftly—easily integrating into their processes and toolset while scaling with them as they grow.

Performance testing

MedNet initially deployed Wallarm as a proof of concept to ensure it would meet with internal requirements, including performance testing with iMedNet to be sure that the WAF did not introduce a bottleneck.

MedNet’s Stack

The MedNet team chose to first deploy the Wallarm as a docker container, then configure both it and the NGINX proxy. Next, the team put logging and monitoring in place to guarantee issues could be identified and fixed as quickly as possible.

Once operating, MedNet found the Wallarm easy to support. They collected the log files and shipped them to Sumo Logic.

In testing, Wallarm quickly identified a couple of key items to watch for. The operations team identified these as leading indicators of potential issues to come. The identified types of alerts were used to prompt a proactive restart of the containers.

The WAF’s proof of concept won Wallarm a place in the MedNet security stack. Performance testing had proven Wallarm for AWS a better solution, made easier.

• AWS EC2 instances in multiple regions
• Micro-services infrastructure with Docker’s containers
• Sumo Logic SIEM
• Container management tools

The tech: Wallarm over other Solution

In addition to compliance and security assurances for iMedNet in AWS, there were solid reasons MedNet listed as to why it chose Wallarm over some of its competitors. Here is what they said:

• Managed service makes the most of resources
  ‍MedNet doesn’t have spare security expertise in-house. Managed service meant Wallarm’s security professionals could monitor traffic to and from iMedNet—saving money and freeing security teams for more essential oversight.
  ‍
• No external proxy servers (helps HIPPA)
  ‍Wallarm leverages proxy servers on MedNet’s own infrastructure to concentrate traffic at a central point. These proxy servers may have PHI data on them because they terminate SSL connections, which means they can examine the contents of the network flow. (It’s also when the Wallarm node examines the traffic flow)
  No BAA is required using Wallarm since the Wallarm servers are deployed on MedNet Infrastructure. That saves money and helps with HIPAA.‍
  ‍
• Ease of use: deployment to upkeep
  ‍The Wallarm solution is simple to deploy and update.
  MedNet’s chose to use the Wallarm Docker container deployment option. Containers are easily deployed to multiple servers behind load balancers. It allows MedNet to rotate in new Wallarm servers behind the load balancers while Wallarm drains traffic off old Wallarm servers. No downtime.
  Wallarm lets MedNet react quickly to identified vulnerabilities while minimizing impact on their operations.
  ‍‍
• Comprehensive, real-time security
  ‍Wallarm’s powerful AI engine provides an overview of traffic, information about attacks and incidents, and vulnerability scanning fast.
  The web-based management interface provides a nearly real-time view of both the traffic being managed and information about attacks and incidents that may be happening. Wallarm also provides vulnerability scanning, checking exposed IP addresses it associates with MedNet Solutions.
  

The ability to meet HIPAA guidelines for PHI compliance and to be able to provide the service at a reasonable price point were important in the decision to go with Wallarm. WAF and API security is very important to help manage and support a complex application such as iMedNet.

Gary Johnson, Infrastructure Architect

‍