Healthcare cybersecurity protects from data loss, ensures medical services are running smoothly and safeguards confidential patient information. With cyberattacks on the rise in 2023, cybersecurity companies are helping healthcare organizations remain focused on providing the best possible care.
Here are 121 companies focused on cybersecurity for hospitals, health systems and other healthcare organizations. Contact Anna Falvey at afalvey@beckershealthcare.com with questions, comments, or to recommend a company for this list.
Note: Cybersecurity companies do not and cannot pay for inclusion on this list. This list is not a ranking or rating, and companies are listed in alphabetical order.
Absolute (Vancouver, Canada). Absolute offers near real-time security breach remediation. The company's Absolute Persistence product, a self-healing endpoint security technology, provides IT personnel control over devices and data. Absolute's cloud-based visibility allows for remote IT asset management and security for healthcare providers, including support from its healthcare information security and privacy practitioners and ASIS-certified protection professionals.
Agari (San Mateo, Calif.). Agari allows companies to secure themselves and customers from advanced phishing attacks. The Agari Email Trust Platform helps healthcare organizations verify trusted email identities and stop threats of identity deception.
AlienVault (San Mateo, Calif.). AlienVault is the provider of Unified Security Management, a comprehensive approach to security monitoring, and the AlienVault Open Threat Exchange, an open threat intelligence community enabling collaborative defense with community-powered threat data. USM is designed to monitor cloud, hybrid cloud and on-premises environments.
AllClear ID (Austin, Texas). AllClear ID provides breach response and customer identity protection services. The company notifies customers in the event of identity theft and assigns a dedicated investigator to initiate any dispute processes, recover financial losses and restore credit reports to the pre-fraud state.
Armis (San Francisco). Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices, operational technology, industrial control systems, and 5G. The privately held company provides passive cyber asset management, risk management, and automated enforcement.
Attivo Networks ThreatDefend (Fremont, Calif.). The ThreatDefend Deception and Response Platform is a powerful security control for an active defense, which provides early threat detection and changes the asymmetry against attackers. The Attivo Networks deception solution takes an innovative approach to detection by dynamically setting traps and lures to create a virtual hall of mirrors, altering an attacker's reality and imposing increased cost as they are forced to decipher what is real versus fake.
Auth0 (Bellevue, Wash.). Auth0 is a HIPAA-compliant service that healthcare organizations can use with their business associates when handling protected healthcare information. The company provides authentication for third-party business associates and ensures all data transfers are HIPAA-compliant. On May 15, the company announced $55 million in series D funding.
Avertium (Phoenix). Avertium is an end-to-end cybersecurity solutions provider. The company use application programming interfaces to help healthcare organizations coordinate patient care in unprecedented ways, making it faster and easier to store patient data.
Axway (Phoenix). The Axway Amplify Platform is a data and engagement platform that can provide real-time operational intelligence and API lifestyle management. In the healthcare space, the Axway Amplify can help eliminate silos, overcome interoperability challenges, accelerate meaningful use and promote patient engagement with health information.
Barracuda Networks (Campbell, Calif.). Barracuda Networks offers solutions to solve IT problems including content security, networking and application delivery and data storage, protection and disaster recovery. The Barracuda Web Application Firewall provides secure access to patient portals while the Barracuda NextGen Firewall F secures network devices against persistent threats, malware and zero-day exploits.
Barrier1 (Minneapolis). Barrier1's Real-Time Intelligent Threat Management and the Advanced Analytics Reactive Engine platforms are designed to protect against security breaches. The technology inspects traffic type and dataflow to stop malware and viruses; analyzes the real time data flow; and inspects the network with multiple methods of authentication. The company's customers include hospitals, clinics and specialty providers with MRI and CT Scans from multiple hospitals and clinics.
Battelle (Columbus, Ohio). Battelle is a nonprofit research and development organization that includes a team of experts devoted to medical device cybersecurity. The team members, led by a certified ethical hacker, hacks into medical devices to help manufacturers identify vulnerabilities in the software, mitigate cybersecurity risks and help design new products.
BeyondTrust (Phoenix). BeyondTrust delivers cybersecurity solutions designed to reduce risks and act against internal and external data breach threats. The company offers an integrated risk intelligence platform to identify critical risks and provide information for the company. In the healthcare space, BeyondTrust's PowerBroker privileged account management solution enforces best practices; its Retina vulnerability management solutions allows the healthcare IT security team to identify exposure, analyze the business impact and conduct remediation.
BIO-key (Wall Township, N.J.). BIO-key offers biometric software and hardware solutions to strengthen user authentication. The company's products include finger scanning devices for authentication in addition to passwords, PINs tokens and cards for customers to secure their devices.
Biscom (Chelmsford, Mass.). Biscom is the leading provider of secure document delivery solutions for healthcare. The company’s secure file transfer, secure enterprise fax solutions, and cybersecurity consulting help some of the country’s largest healthcare providers keep documents secure, information sharing compliant, and employees collaborating.
BlueCat (Grapevine, Texas). BlueCat centralizes and automates domain name server services so organizations can leverage the DNS data for increased visibility, control and compliance. The company takes a software-centric approach to information security and promotes interoperability to manage complex network structures. In the healthcare arena, BlueCat allows organizations to centrally manage and track wired and wireless networks and devices.
CORL Technologies (Atlanta). Founded in 2012, CORL Technologies provides vendor security risk management solutions as part of the vendor risk management program. The program allows healthcare organizations to monitor vendor risk, ease compliance audits and improve executive-level communications and risk analytics reporting.
Centripetal (Herndon, Va.). Centripetal's core networking technologies are designed to simplify cyber intelligence collection and management to stop unwanted network traffic. The company's QuickThreat Gateway combines proprietary software and hardware to detect and enforce 5 million threat indicators. In 2017, Centripetal was named a Gartner "Cool Vendor" in security.
Critical Insight (Seattle, Wash.). Critical Insight provides managed detection and response services, combining purpose-built technology with expert security analysts to perform full-cycle threat detection, investigation, response, and recovery. Forged in healthcare, Critical Insight’s technology platform, Security Operations Center, and information security consulting services help healthcare customers gain critical insight into their security posture.
Citrix (Fort Lauderdale, Fla.). Citrix provides a secure digital workspace to unify apps, data and services necessary for productive organizations while allowing IT personnel to manage complex cloud environments. The workspace as a service company developed a platform for enterprise file synchronization and sharing with users across all business segments. The Citrix Windows apps solution allows healthcare organizations to securely deliver apps to diverse mobile devices including tablets and smartphones. The company's Enterprise Mobility Management Technologies provides security for bring-your-own-device environments.
ClearDATA (Austin, Texas). ClearDATA is the only provider of cloud security and compliance software and services purpose-built for healthcare, enabled by the powerful CyberHealth Platform. The company's cloud security posture management solutions offer full visibility, protection, automation, remediation, and enforcement of security and compliance measures to protect PHI and other sensitive healthcare data in the public cloud.
Clearwater (Nashville, Tenn.). Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their missions. Bolstered by its 2022 mergers with CynergisTek and TECH LOCK, the company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, and a tech-enabled security operations center with managed threat detection and response capabilities.
CloudWave (Marlborough, Mass.). CloudWave provides cloud, cybersecurity and managed services that deliver a multi-cloud approach to enable healthcare organizations with any EHR service to architect, integrate, manage and protect personalized solutions using private cloud, public cloud and cloud edge resources. It delivers EHR and enterprise cloud services for more than 285 hospital environments in six countries. CloudWave’s OpSus cloud services provide managed hosting, end-to-end disaster recovery, systems management, cybersecurity, backup and archiving services. In 2022, CloudWave acquired Sensato Cybersecurity to meet the needs of its customers with increased security capabilities focused on healthcare due to the impact of cybercrime and ransomware on hospitals and health systems.
Coalfire (Westminster, Colo.). Coalfire is the cybersecurity advisor that helps covered entities and business associates avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, compliance assessments, technical testing and cyber engineering services, the company secures health data throughout the care continuum. Coalfire is one of the original HITRUST CSF assessor firms with the experience required to efficiently manage successful certifications.
Code42 (Minneapolis). Code42 is a software as a service solution designed to back up distrusted end-user data on a secure platform. The company's software can protect files across Mac, Windows and Linux laptops and desktops automatically to limit risks and meet data privacy regulations.
Comodo (Clifton, N.J.). Comodo has more than 100 million installations of its security product in healthcare as well as other industries. Comodo's technology authenticates, validates and secures networks and infrastructures around the world, designed to solve advanced malware threats, both known and unknown.
Cybereason (Boston). Cybereason's platform can identify a single component of an attack and connect it to other information in the system to shut down the attacker's entire campaign. The platform is designed to quickly build the complex attack story and simplify the resolution process.
CyberSight (Carlsbad, Calif.). CyberSight is a cybersecurity intelligence platform that predicts, detects and stops cyberattacks before they happen. CyberSight’s RansomStopper software uses proprietary technology and machine learning to provide multi-layered defense against ransomware for home and business uses.
DarkOwl (Denver). DarkOwl is an information security company specializing in darknet (or "dark web") intelligence. Founded in 2009, DarkOwl has built the world's largest commercially available database of darknet content. Its database allows clients to search the darknet without accessing it directly, which is both difficult and dangerous. The darknet platform also allows clients to passively monitor the darknet for their sensitive information, enabling near real-time awareness of any potentially breached information.
DataMotion Health (Florham Park, N.J.). DataMotion Health enables providers to communicate more efficiently across the care continuum. DataMotion provides secure messaging and connectivity solutions to exchange protected health information for clinical use and to deliver improved care at reduced costs.
DB CyberTech (San Diego). DB Networks aims to protect databases from insider threats and cyberattacks. Founded in 2009, the company launched the first signatureless database cybersecurity product in 2013 and has received a patent for its approach to database protocol information extraction. Last year, the company launched its first artificial intelligence-based agentless database activity monitoring to protect against cyberattacks.
Diligent (New York City). Diligent is a software company that allows organizations to share information for board meetings. Their product offerings address governance, leadership, audit, risk, compliance and more. They touch several industries, including healthcare, nonprofit, technology, higher education and many others.
DNSFilter (Washington, D.C.). With 70% of attacks involving the domain name system layer, DNSFilter provides Protective DNS powered by machine learning. By securing the DNS layer, healthcare organizations can protect sensitive data from malicious domains that spread phishing, botnets, ransomware attacks and more.
DomainTools (Seattle). DomainTools examines network indicators and connects them with other active domains to develop risk assessments, identify attackers, assist in fraud investigations and map cybersecurity activity to attacker infrastructure. The company works with U.S. government agencies and contracts in addition to companies in the financial and healthcare space.
eSentire (Waterloo, Ontario). eSentire protects the critical data and applications of over 2,000 organizations across 35 industries from known and unknown cyber threats. The company provides exposure management, managed detection and response and incident response services designed to build an organization's cyber resilience and prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65 percent of its global base recognized as critical infrastructure, vital to economic health and stability.
ESET (Bratislava, Slovakia). ESET was founded as an antivirus protection company and has expanded to include security solutions for customers in more than 200 countries. ESET's solution for healthcare companies protects against data breaches and can be deployed across multiple operating systems and endpoints.
Exabeam (San Mateo, Calif.). The Exabeam Security Intelligence Platform provides security intelligence and management solutions. Exabeam's platform can detect and respond to insider threats, track behavior analytics, protect against data loss, conduct breach investigations and report on data security compliance. The company earned SC Magazine's 2017 Best Emerging Technology award and was a finalist in the Cybersecurity Excellence Awards in 2017 for security analytics and threat hunting categories.
ExterNetworks (Piscataway, N.J.). ExterNetworks is a pioneer in Managed Technology Services with over 17 years of experience in providing end-to-end solutions featuring design, deployment and 24/7/365 support to top IT companies. With more than 500 unrivaled top employees and 1000+ field technicians, the company aims to eliminate all your managed services worries by deploying the solution in a jiffy.
F5 (Seattle). F5 is a technology company specializing in app security, cloud management, fraud prevention, traffic optimization and more. The company often provides healthcare companies with the technology they need to prevent healthcare fraud. F5 acquired Shape Security in 2020.
FireMon (Overland Park, Kan.). FireMon's Security Management Platform seeks to improve security while reducing operational costs through analytics, simulation and automation. The company focuses on protecting cloud-bound enterprises with next-generation security intelligence.
Flexera (Itasca, Ill.). Flexera Software aims to help enterprises and application producers increase application usage and security. The company has more than 80,000 customers in a variety of industries. Flexera's FlexNet Producer Suite is designed for intelligent device manufacturers as an end-to-end solution for software licensing, entitlement management and device lifecycle management.
Forescout (Cupertino, Calif.). Forescout's approach to security protects organizations against emerging threats with the Forescout CounterACT. The company's technology assesses, remediates and monitors devices continuously and works with disparate security tools to accelerate incidence response. More than 2,400 customers in 60 countries use Forescout technology for network security and compliance. Healthcare organizations use the technology to secure agentless medical devices and mobile computing against cyberattacks.
ForgeRock (San Francisco). ForgeRock is a digital identity management company that works with organizations to adopt the ForgeRock Identity Platform. The platform allows healthcare providers to create secure digital identities for patients and collects data from apps, wearables and digital health and wellness services. In May, the company joined Philips, Qualcomm Life and others in a collaborative effort to enhance data from medical devices under the name OpenMedReady.
Fortified Health Security (Franklin, Tenn.). As a managed security service provider, Fortified Health Security offers a broad range of advisory and security operations center services that help organizations throughout the healthcare ecosystem protect patient data and reduce risk. Working alongside their clients, Fortified builds customized programs for healthcare organizations that leverage their prior security investments and current processes while implementing new solutions that strengthen their security posture over time.
General Dynamics IT (Fairfax, Va.). General Dynamics IT's cybersecurity operations provide service support to select the best security systems, develop data protection policies and monitor their networks. The company provides cybersecurity for the Department of Defense, local and state governments and select commercial customers. The company provides its full security services in the General Dynamics Health Solutions package to secure hospitals' systems and protect information.
GreyCastle Security (Troy, N.Y.). GreyCastle Security is a risk management company with cybersecurity capabilities. The company provides a team of cybersecurity experts, a client portal to view cybersecurity efforts, custom security roadmaps, an incident response team and an account manager to maximize the cybersecurity program. The company also provides HIPAA risk assessments, 24/7 breach and incident response, HIPAA security training and policy development. In May, GreyCastle partnered with DeepSeas to offer advanced managed detection and response services.
Gurucul (Segundo, Calif.). Companies around the globe use Gurucul technology to detect insider threats, cyber fraud, internet protocol theft and external attacks. The company's technology includes user behavior analytics and identity access intelligence that includes machine learning anomaly detection and predictive risk-scoring algorithms to prevent unnecessary access and breaches.
HID Global (Austin, Texas). HID Global provides identity security solutions to governments and hospitals as well as educational and financial institutions. The company provides information security solutions to hospitals, mobile device use, visitor management and HIPAA-compliant medical record security and also gives suppliers secure access to the appropriate data.
HITRUST Alliance (Frisco, Texas). HITRUST Alliance is a nonprofit organization leading advocacy efforts and educational support to safeguard healthcare information and manage risk. HITRUST was founded in 2007 to protect health information systems and exchanges, providing access to common risk and compliance management, de-identification frameworks and related assessment and assurance methodologies.
iatricSystems, inc (Boxford, Mass.). iatricSystems, inc helps healthcare organizations monitor and protect patient privacy with Haystack™ iS. Building on 15 years of insights the solution utilizes machine based learning to help you eliminate false positives, automate detection of inappropriate activity and alert your team when serious incidents occur. Additional solutions in our privacy and security portfolio enable hospitals to maintain regulatory compliance, manage workflow to perform due diligence with third-party relationships, and ensure secure remote access to your networks.
Impact Advisors (Naperville, Ill.). Impact Advisors is a leading healthcare management consulting firm committed to solving the industry’s emerging and evolving challenges. They provide complete security coverage for their clients, including strategy, operations, organization, and business continuity services. By partnering with proven security solution providers to offer data, application, and network and system security, they deliver a single point of contact, accountability, and quality assurance. Their experts average 20 years of industry experience, many having worked as CISOs for healthcare organizations. Healthcare is their only business, and they possess a keen grasp of how to bridge financial, clinical, technical, physical, and administrative processes with the privacy and security requirements tied to federal regulations. Impact Advisors was recognized as Best in KLAS for Security & Privacy Consulting Services in 2023, 2022, and 2021.
Imprivata (Lexington, Mass.). Imprivata, the healthcare IT security company, provides healthcare organizations globally with a security and identity platform that delivers ubiquitous access, positive identity management, and multifactor authentication. Imprivata enables healthcare securely by establishing trust between people, technology, and information to address critical compliance and security challenges while improving productivity and the patient experience
Ixia (Calabasas, Calif.). Ixia was founded in May 1997 to provide testing, visibility and security solutions for governments, service providers and network equipment manufacturers. The company helps customers manage IT and protect against security threats with technologies for mobile devices, cloud security, internet of things management and improved network visibility.
Keyfactor (Independence, Ohio). Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying public key infastructure, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish and maintain digital trust at scale. The platform is designed to help healthcare organizations better improve reporting, reduce outages, and save time due to self-service certificate requests, allowing organizations to scale and accommodate growing needs while protecting data from cybersecurity threats.
Latitude Information Security (Exton, Pa.). Latitude is an information security consulting firm that provides individual security services such as risk assessments, security program development, penetration testing, application security assessments, and other necessary security services and activities to a nationwide client base. The company complements these individual services through security team staffing and augmentation as well as full program outsourcing. By evaluating risks and providing the necessary resources and support for improved security, Latitude simplifies the process for meeting and maintaining information security compliance standards with a detail-oriented approach and tailored path for each client.
LookingGlass Cyber Solutions (Reston, Va.). LookingGlass Cyber Solutions protects global enterprises and government agencies against cyberattacks. The company provides healthcare organizations with a team of analysts through its Threat Intelligence Analysis and Management system to identify potential security threats, analyze multiple threat factors and indicators as well as develop a plan to mitigate threats in real time.
McAfee (Santa Clara, Calif.). Simply put, McAfee creates affordable solutions that make the world of Healthcare a safer place. They’ve had a dedicated healthcare team over a decade. Who better to understand every facet of securing healthcare? The McAfee approach to providing orchestrated security has become the de facto standard for enterprise security — with solutions to protect the entire infrastructure — endpoints, network, web, mobile and embedded devices, and cloud. Healthcare IT counts on McAfee to help deliver proactive protection, complete security integration, unrivaled automation, and industry leading TCO.
MedCrypt (Encinitas, Calif.). MedCrypt provides application programming interfaces to encrypt data sent from devices and allows customers to assign unique keys to every actor in the system and monitor what devices are doing remotely in real time. After installation in the device, MedCrypt Nodes communicates with the company's centralized transaction monitoring service to look for anomalous behavior. In March 2018, MedCrypt won the HIMSS Venture Connect startup prize.
Insight Enterprises (Chandler, Ariz.). Insight Enterprises, formerly Stratiform, blends people and technology to support transformation. Their suite of solutions, along with deep technical expertise and supply chain abilities, assist businesses in achieving their goals. They are experts in cybersecurity, data and AI, intelligent edge, modern apps, modern infrastructure, the modern workplace and more.
Ivanti (South Jordan, Utah). Ivanti connects cybersecurity, endpoint management and enterprise service management technologies with intelligent automation products. Over 40,000 customers use Ivanti to find, manage, protect and service their IT assets. Invanti acquired Pulse Secure in 2020.
Meditology Services (Atlanta). Meditology Services provides consulting and management advisory to large hospitals and healthcare organizations across the country. Meditology's experts in IT risk management and healthcare IT consulting focus on assessing and developing security and compliance programs.
MedSec (Miami, Fla.). MedSec is the leading vulnerability research and security solutions provider for healthcare manufacturers, vendors, and providers. Established in 2015, MedSec was the first cybersecurity organization formed exclusively to serve the healthcare industry. MedSec brings cutting edge security services, solutions, and products to healthcare manufacturers and providers. Its researchers have deep technical background in the military, technology, and telecommunications fields. Capabilities include Device Cybersecurity Risk Assessment; Penetration Assessment; and System Design Review.
MicroSolved, Inc. (Columbus, Ohio). MicroSolved is a cyber security company that performs cybersecurity medical device testing, medical application assessments against HIPAA standards, organizational risk assessment and passive network mapping/segmentation.
Menlo Security (Palo Alto, Calif.). Menlo Security's Isolation Platform contains and eliminates malware while giving a completely native experience. The company's platform uses the isolation model to ensure malware doesn't reach the endpoint to access patient data at hospitals, allowing administrators to expand internet capabilities without risking data security issues.
Merlin Cyber (Tysons, Va.). Merlin is a leading provider of next-generation cybersecurity solutions that protect government and commercial organizations. Merlin offers a broad portfolio of solutions that secure the enterprise from end points to networks, from governance to risk management, from infrastructure to information. Combining solutions with deep industry expertise and experience, Merlin delivers the cybersecurity solutions that organizations need to protect their most critical business assets, while furthering their mission.
Microsoft (Redmond, Wash.). Microsoft invests more than $1 billion in security research and development each year and created the Microsoft Enterprise Cyber Security Group to develop solutions for Microsoft customers. The company opened its Cyber Defense Operations Center in 2015 and works with healthcare organizations' C-suites to support a culture of cybersecurity.
MicroStrategy (Washington, D.C.). MicroStrategy provides enterprise analytics and mobility software to clients worldwide. Healthcare organizations use MicroStrategy's enterprise solution to boost operational efficiency, expand businesses and improve the quality of care and patient experience. The company's healthcare solutions focus on supply chain management, revenue cycle optimization, hospital operations, population health management and claims analysis.
Mimecast (Lexington, Mass.). Mimecast makes business email and data safer for customers worldwide. Founded in 2003, the company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management. With Mimecast healthcare organizations can respond to industry risks by safeguarding protected health information, preventing advanced attacks like ransomware, archiving email and keeping employees connected during a mail server outage. Mimecast also met healthcare privacy regulations by completing a HIPAA security compliance assessment.
NCC Group (Manchester, United Kingdom). Formed in 1999, NCC Group provides expertise in cybersecurity and risk mitigation. The company has more than 35 offices and 15,000 clients worldwide, providing a variety of services including internet of things consultancy.
Netenrich (San Jose, Calif.). Netenrich boosts the effectiveness of healthcare organizations’ security and digital operations so they can avoid disruption and manage risk. The Resolution Intelligence Cloud platform transforms security and operations data into intelligence that healthcare organizations can act on before critical issues occur. Netenrich has helped healthcare organizations like MultiCare monitor critical systems including Citrix, MyChart, and PACS for availability, performance and capacity issues; gathers and prioritizes curated and contextualized data; and delivers this information to IT teams so they know where to focus first and what needs to be done to keep critical systems operating at peak performance.
NetScout (Westford, Mass.). NetScout's Adaptive Service Intelligence optimizes a hospital's analytics platforms to identify signs of outages in the hospital's network before they occur to diagnose and repair the issues quickly. The technology could prevent issues with a surgical robot powering down in the middle of surgery or video screens going dark during a procedure.
Netskope (Los Altos, Calif.). Netskope has a patented cloud-scale security platform designed to provide governance of all cloud usage while allowing real-time access to updates from the corporate network, remotely or from mobile apps. The company works with Oakland, Calif.-based Kaiser Permanente among other healthcare clients to protect against threats in the cloud and detect unusual data movement or activity.
Netwrix (Irvine, Calif.). Netwrix Auditor, a visibility platform for data security and risk management, provides clients with security analytics to detect anomalies in user behavior and investigate threat patterns. The Netwrix Auditor's solutions are HIPAA compliant.
Nexthink (Switzerland). Nexthink's Nexthinker is designed to help organizations reduce health information breach incidents and improve security and compliance. In the healthcare space, Nexthink helps institutions secure protected health information, ensures HIPAA compliance, reduces risk for HITECH penalties and facilitates bring-your-own-device adoption for physicians and clinicians.
NTT Security (Chiyoda-ku, Tokyo). NTT Security offers security, risk and compliance services to help organizations meet immediate challenges in data security. The company's technology solutions team works alongside consulting services to give advice on the appropriate solutions for risk management.
Okta (San Francisco). Okta's IT products use identity information to grant access to applications on any device at any time while enforcing strong security protections. The platform connects companies to customers and partners securely. Okta works with CMS, New York City-based Mount Sinai Health System and Nashville, Tenn.-based Envision Healthcare, among other healthcare customers, to provide adaptive multifactor authentication and HIPAA-compliant cloud identity solutions.
OneSpan (Oakbrook Terrace, Ill.). With more than 10,000 customers in 100 countries, OneSpan, formerly VASCO, provides security access to online information with two-factor authentication, transaction data signing, e-signature and identity management solutions. In the healthcare space, the company can secure protected health information in EHRs, protect electronic prescriptions and safeguard against unauthorized manipulation of mHealth apps.
OPSWAT (San Francisco). OPSWAT focuses on technologies to protect clients against cyberattacks. The company's solutions secure and manage IT infrastructure by scanning for known threats with anti-malware engines and sanitizing documents to prevent unknown threats.
Optimum Healthcare IT (Jacksonville Beach, Fla.). Optimum Healthcare IT is a healthcare IT staffing and consulting firm. The company provides healthcare providers, payers, software and life sciences organizations with support throughout the care continuum. Optimum acquired TrustPoint Solutions in 2021.
Oracle Dyn Web Application Security (San Francisco). Formerly Zenedge, Oracle Dyn Web Application Security Services provides security professionals with the tools and expertise needed to defend websites, systems and applications from cyber security threats. The company uses adaptive machine learning and automation to combat cyber attacks proactively. The application's suite includes a bot manager, malware protection and application program interface protection.
Osirium (Theale, United Kingdom). Osirium's software development team aims to fill the virtual air gap for privileged account access. The company was founded in 2008 and focuses on cybersecurity and hybrid-cloud automation technology as well as privileged protection and task-automated solutions.
Ostendio (Arlington, Va.). Ostendio serves primarily healthcare clients, including WellDoc, the American College of Cardiology and Higi. The company's MyVCM Cybersecurity and Information Management platform uses behavioral analytics to drive employee and vendor engagement. Ostendio's solution manages all aspects of security and allows organizations to report their security profile to internal and external stakeholders.
Perforce Software (Minneapolis). Perforce provides enterprises with superior solutions that help drive digital transformation and innovation. They also offer dynamic development, intelligent testing, risk management and collaboration solutions. Perforce acquired Rogue Wave Software in 2019.
PhishLabs (Charleston, S.C.). PhishLabs is a 24/7 service that protects organizations against cyberattacks targeting employees or customers. Founded in 2008, the company provides a full range of services to detect attacks, identify attack operations and mitigate underlying infrastructure to stop the threat. The company also provides services and training specific to protecting patient and healthcare provider information. In May, PhishLabs merged with BrandProtect, a threat intelligence and mitigation solutions provider.
Pivot Point Consulting (Brentwood, Tenn.). Pivot Point Consulting enables healthcare organizations to realize maximum value from their technology and resources through managed services, data and analytics, EHR, ERP, advisory, virtual care and cybersecurity services. Its award-winning industry experts deliver consulting, managed services and talent solutions to providers, payers, life sciences and technology organizations. The firm is currently ranked No. 1 Best in KLAS: Managed IT Services and has been repeatedly recognized as a top performer by KLAS in multiple categories.
PKWare (Fremont, Calif.). Dataguise provides a solution for global data governance, allowing organizations to detect, protect and monitor sensitive data in real-time on the premises and in the cloud. Healthcare organizations can use the company's Hadoop product to streamline and analyze billing data to reduce costs and fraud incidents; digitize patient records; and incorporate sensor and internet of things health monitoring data.
Praetorian (Austin, Texas). Praetorian's solutions aim to identify and solve cybersecurity problems enterprisewide. The company's technical engineers and developers offer security expertise to minimize risk across digital assets. Praetorian offers corporate and product security solutions unified through its software platform. In the healthcare space, the company works with medical device manufacturers to identify and address vulnerabilities.
Prevalent (Phoenix). Prevalent focuses on risk management through a product suite focused on automated vendor risk assessment, continuous vendor threat monitoring and vertical vendor networks. Healthcare organizations can use Prevalent to better manage and monitor third- and fourth-party business associate risks.
PriorityOne Group (Rutherford, N.J.). PriorityOne Group manages, implements and provides integrated IT services to healthcare organizations in and around Bergen County, N.J. The company focuses on guiding providers, including ASCs, through HIPAA compliance, product integration and technology acquisition.
Proficio (Carlsbad, Calif.). Proficio provides always-on cybersecurity protection and services to help customers detect and respond to or prevent security breaches. For healthcare industry clients, the company provides round-the-clock managed security services to protect confidential patient information and maintain HIPAA compliance.
Promisec (Boston). Promisec is an endpoint system, software asset management and compliance company that aims to help organizations avoid cyberthreats and attacks that lead to data breaches. The company's technology provides secure endpoints and clean audits to meet regulatory compliance standards.
Protegrity (Stamford, Conn.). Protegrity aims to develop solutions to protect data throughout its lifecycle without disrupting workflow. The company can provide security across big data clusters, cloud environments, databases and mainframes. The Protegrity data security platform can protect sensitive healthcare data through tokenization and encryption technologies.
Prot-On (Spain). Prot-On provides a solution to protect files, decide who has access to files and track file activity. Healthcare organizations use Prot-On to securely store and communicate patient and prescription information as well as share health records with patients.
Protenus (Baltimore). Protenus harnesses the power of AI to provide healthcare organizations with scalable risk-reduction solutions that drive the safest patient outcomes while protecting the reputation of the organizations. It is committed to reducing risk and fostering innovation for the companies it supports and in its own operations. In 2022, it was granted four new patents to protect the intellectual property of its patient privacy monitoring and drug diversion surveillance technologies.
Risk Based Security (Richmond, Va.). Risk Based Security, a Flashpoint Company, focuses on risk identification and security management tools to protect a variety of clients, including drug companies and healthcare providers. Founded in 2011, the company offers a full set of analytics and dashboards designed to identify security risks by industry. The company provides several HIPAA- and HITECH-compliant solutions for protecting patient data.
RiskIQ (San Francisco). RiskIQ focuses on digital threat management, offering the RiskIQ Community Edition giving security analysts free access to the company's solutions within a collaborative online environment. RiskIQ provides a comprehensive digital threat management platform for healthcare providers to audit, discover, monitor, investigate and mitigate threats.
Rubicon Labs (San Francisco). Founded in 2012, Rubicon Labs' Zero-Knowledge Platform provides abstract key management services. The company's authorization capabilities, device security services and software can secure physicians' devices as well as medical devices to prevent hacking.
SailPoint (Austin, Texas). SailPoint’s identity governance platform provides healthcare organizations visibility into user access and transparency into who has access to what. Large healthcare providers now have more than a billion points of exposure to data breaches, mostly tied to the identity of individual employees and third parties. SailPoint provides a way of managing these points of exposure with the power of identity.
Saviynt (El Segundo, Calif.). Saviynt is a leading provider of intelligent identity and access governance solutions. By providing converged identity security for healthcare facilities, Saviynt supports secure patient, staff and third-party interactions on a single cloud-based platform. Through automation and managed services, the company is driving positive patient and security outcomes, all while ensuring data privacy and continuous compliance with HIPAA, HITRUST, PCI and other regulations.
Seclore (Santa Clara, Calif.). Seclore helps enterprises protect and control their digital assets wherever they go to prevent data theft and achieve HIPAA and other compliances. Pharmaceutical companies can use Seclore's offerings to secure and govern their intellectual property and other confidential digital assets. The company's electronic digital reference model provides patient protection from product dossiers, unauthorized access and issues related to file sharing.
SecureAuth (Irvine, Calif.). Founded in 2005, SecureAuth focuses on authentication to ensure all entities attempting to access data are known and verified. The company's technology offers flexible identity access control solutions to protect virtual private network, on-premises, cloud, mobile and homegrown applications. For healthcare organizations, SecureAuth protects electronic prescriptions and protected health information in a HIPAA-compliant way.
SecureMySocial (New York City). SecureMySocial technology scans social media use and warns organizations about activities that expose them to risk in real time. The platform prevents information breaches and data leaks on social media. In May, the company was named to 2018 Cyber Security 500 list.
Sedara (Buffalo, N.Y.). Sedara is a managed security service provider with clients across the U.S. The company manages network security for clients and ensures regulatory compliance, including HIPAA compliance, for organizations across the spectrum. The company provides continual data monitoring and alert systems to identify and defeat hack attempts. In 2017, Sedara partnered with The Bonadio Group, a New York-based independent cybersecurity and compliance services provider.
Semperis (Hoboken, N.J.). Semperis offers the most comprehensive identity resilience platform for before, during and after an attack that helps defend critical healthcare systems against ransomware attacks. Active Directory is used by a majority of healthcare organizations and Semperis provides AD-specific protection to safeguard healthcare organization's vulnerabilities.
SentinelOne (Palo Alto, Calif.). A group of international defense and intelligence experts founded SentinelOne to tackle cybersecurity issues with a new endpoint protection approach. The company's platform is certified as an antivirus preplacement. The SentinelOne Endpoint Protection Platform can monitor all endpoints accessing HIPAA-sensitive information and protect health information and can also predict advanced attacks and automate the threat response process.
Silverfort (Boston, Mass.). Silverfort enables healthcare organizations to protect all systems and data by adding strong adaptive authentication across all systems, including PACS, EMR, and other healthcare systems. Using Silverfort organizations can seamlessly add MFA to systems without installing software on servers or user devices, and without complex integrations or configurations.
Skybox Security (San Jose, Calif.). Skybox is a privately held cybersecurity management company established in 2002. Skybox's security platform uses firewall and network device data to detect vulnerabilities, and its powerful attack vector analytics can reduce response times for greater network control. The company covers more than 2,000 enterprises globally, including Delta Dental, Neptune, N.J.-based Meridian Health System and eHealthInsurance in the healthcare sector.
SlashNext (Pleasanton, Calif.). SlashNext protects the world’s billions of internet users and the modern workforces from phishing and other malicious messages across all digital channels. The company's integrated cloud messaging security platform utilizes patented AI technology with 99.9 percent accuracy to detect threats in real-time to stop zero-hour threats in email, mobile and web messaging apps. Healthcare is one of the most heavily targeted industries when it comes to phishing attacks, and SlashNext protects healthcare organizations from data theft and financial fraud breaches.
Spirion (Irvine, Calif.). Spirion provides enterprise data management software to minimize risks, costs and reputation damage associated with cyberattacks. The company's platform is designed to identify, classify and monitor personal information, medical records, credit card numbers and other intellectual property.
Swimlane (Louisville, Colo.). Swimlane is a security and operations management platform with the capability to centralize security alerts and automate attack response. The company provides security automation and orchestration to unify, analyze and resolve alerts from the organization's existing security tools and provide analysts with threat intelligence. The company's solution can also gather security metrics and generate reports on cybersecurity efforts.
Swivel Secure (West Yorkshire, United Kingdom). Founded in 2001, Swivel Secure's AuthControl Sentry authentication platform allows organizations to tailor authentication requirements according to individualized security policies. Earlier this year, the company expanded their global partner program concentrating efforts on the United States.
Synopsys (Mountain View, Calif.). Synopsys is a software partner for companies around the world, focused on electronic design automation and semiconductor internet protocol. The company works with healthcare organizations to address cybersecurity risks for personal patient information and medical device hacking.
Symantec Corporation (Mountain View, Calif.). Symantec, by Broadcom Software, offers strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. With a 10 year running dedicated healthcare practice, Symantec is active in multiple healthcare IT associations, and has received industry recognitions and awards, such as a Best in KLAS Category award winner for Data Loss Prevention (DLP).
Tanium (Emeryville, Calif.). Tanium's solution for hospitals and health systems provides complete visibility across managed and unmanaged endpoints to improve security hygiene. The tool allows users to ask a simple or complex question of any or all endpoints and receive a response directly from all endpoints within 15 seconds. Tanium can also collect data from third-party endpoint agents to bring multiple security and IT operations under one platform, which can help streamline operations and reduce costs.
ThreatMetrix (San Jose, Calif.). ThreatMetrix, a part of LexisNexis Risk Solutions, is designed to inspect digital transactions across applications, devices and locations in real time. The company also provides online fraud prevention and can pinpoint suspect behavior and fraud attempts before damage is done. The company also provides authentication for patients, payers and physicians logging into the system.
TraceSecurity (Baton Rouge, La.). TraceSecurity is a leading provider of cybersecurity and compliance solutions that help organizations of all sizes reduce the risk of cyber breaches and demonstrate compliance. With a combination of software and services, TraceSecurity can help organizations manage their information security program and supplement it with third-party validation.
TrapX Security (San Mateo, Calif.). TrapX Security's TrapX DeceptionGrid allows customers to send "traps" that impersonate systems and devices, responding like attackers in the real world, to fool and entrap attackers. Sending out multiple traps alongside real systems and devices ensures the system can identify and contain attackers before any damage is done. The technology can detect sophisticated attackers and provide real-time forensics and analysis for the hospital's security operations team to take immediate action. TrapX was acquired by Commvault in 2022.
Trend Micro (Irving, Texas). Trend Micro is a global cybersecurity company providing solutions for consumers, businesses and governments. The company's XGen solution was developed to help healthcare organizations improve security before, during and after attacks.
Trustwave (Chicago). Trustwave currently works with more than 3 million businesses to protect data and reduce security risks. The company provides a flexible portfolio of services to healthcare organizations designed to protect their specific infrastructure, networks and data while remaining HIPAA and HITECH compliant.
Tufin (London, U.K.). Tufin's security policy orchestration solutions streamline security policy management across complex, heterogeneous organizations. The company's technology alliance program partners with industry leaders to integrate the Tufin Orchestration Suite with their existing solutions.
Untangle Arista Edge Threat Management (Sunnyvale, Calif.). The Untangle NG Firewall is designed as a single, modular platform that clients can run on their own hardware or as a virtual machine. Untangle helps the healthcare industry comply with HIPAA and HITECH through granular controls over who has access to the data. Untangle is a subsidiary of Santa Clara, Calif.-based Arista Networks as of 2022.
Varonis (New York City). Varonis' platform collects, stores and analyzes metadata in real time to protect data from cyberattacks. Organizations can monitor their unstructured data using the company's platform. Varonis specializes in protecting file and email systems storing spreadsheets, word processing documents, presentations and audio and video files that contain sensitive information. The company also offers a HIPAA compliance crash course.
Venafi (Salt Lake City). Venafi's platform pinpoints machine identity weaknesses and automatically makes updates to lower security risks. The company's platform is designed to help healthcare organizations better secure keys and certificates against privacy breaches by strengthening the cryptology.
Vera (Palo Alto, Calif.). Vera aims to protect data with strong encryption on any device without changing the existing workflow. The company's data-centric security solution is designed for collaboration while ensuring a high level of security, visibility and control. Vera includes HIPAA-compliant verticals for healthcare providers as well as pharmaceutical companies to secure intellectual property and trial data.
Virtru (Washington, D.C.). Virtru's products allow businesses and individuals to control access to emails, documents and data regardless of where the files are shared. In the healthcare space, the company's technology allows providers to share HIPAA-compliant emails and attachments, automatically identifying and encrypting personal health information. The company focuses on business privacy and data protection for more than 5,000 organizations worldwide. In May, the company closed a $37.5 million series B investment.
WhiteHat Security (Santa Clara, Calif.). WhiteHat Security focuses on securing web applications and delivering solutions to reduce the risk of cyberattacks. Healthcare providers use the company's technology as well as expertise to deploy secure applications and websites, as well as third-party apps. WhiteHat was acquired by Mountain View, Calif.-based Synopsys in 2022.
WinMagic (Mississauga, Ontario). WinMagic is a data security solutions company that secures data where it's stored and provides enterprise-grade data encryption and key management policies across an organization's operation systems. In the healthcare space, the company's platform encrypts patient data and takes steps to ensure there won't be a compliance breach.
Wombat Security, a division of Proofpoint (Pittsburgh). Founded in 2008, Wombat Security received funding from the National Science Foundation and Department of Defense to develop a suite of cybersecurity software training and filtering technologies. The company evolved its provider awareness and training software to support clients' efforts to teach secure behavior. In February 2017, the company expanded its healthcare security awareness training program to include ransomware training. Wombat Security was acquired by Proofpoint in March of 2018.
Zix (Dallas). Zix protects business communications through email encryption. The company's solutions support around 15,000 businesses and 1,200 U.S. hospitals with email encryption, data loss prevention and bring-your-own-device security. In April, Zix acquired Seattle-based Erado, a provider of archiving, supervision, eDiscovery and analytics for the financial sector.
Editor's note: This article was updated May 30 at 8:18 a.m. CT.