- Need continual understanding of their cyber posture to ensure client data is safe and to comply with HIPAA and SOC 2 compliance requirements
- With daily code commits, do not want to rely on periodic penetration tests
- Requirement to have developers owning the security testing process to find and fix issues early and often
- Validate security for OWASP Top 10 vulnerabilities
- Reduce manual processes and prevent technical debt
Coordinating patient care by specialist carers, especially with a remote workforce to see patients at home, can be a complicated process that needs to be managed properly. With patient records and other sensitive data that needs to be shared too, it is no surprise that software company MedFlyt, based in New York, built an application to automate the management of the process.
“Our platform automates multiple manual processes for caregiver and patient management”, says Nir Berenstein, CTO for MedFlyt. “With the sheer volume of patient and caregiver data that our platform manages, security of our platform has always been at the forefront of our mind, focussed more acutely with our HIPAA and SOC 2 compliance requirements”
Creating new features at speed, but securely
As a small but highly effective team, Medflyt needed an automated tool to supplement or replace the internal manual code reviews and put security testing into the hands of the developers.
“We wanted to enable our developers to create at speed, whilst minimising the risk of creating security issues and sleepless nights between expensive and periodic penetration tests”, Berenstein says.
Without a dedicated security team and having reviewed many security scanners, Berenstein decided to bring in Bright. “Our search for a security scanner that met our success criteria ended when we found Bright, namely the automation and accuracy it brings, while being a developer focussed solution out of the box. We couldn’t achieve this with other tools”, he says.
With daily changes to his code adding new features, Berenstein wanted his developers to understand where any issues are, early. “With SOC 2, we wanted a scanner that enables us to run security testing daily, that isn’t going to be a complicated process and a drain on internal resources”.
“Bright is very intuitive and our developers are able to run the tool without the need to be a security expert. The scanner crawls our application with excellent coverage”, Berenstein added, “with the accuracy of the results meaning our developers can trust the output and fix the issues to deliver a secure product, instead of wasting time validating if issues are real”.
Like any team, Berenstein was looking at ways to streamline his processes and make them more efficient. “I wanted to create a culture where my developers are free to be creative and make the changes we need, without the fear of me checking and finding holes. This early detection of issues saves me time and also reduces our security and technical debt”.
The future is bright...and secure
By using Bright, MedFlyt’s developers are happy to be in control. “Feedback from my devs has been excellent – it’s easy to use, easy to deploy and the results are developer friendly” Berenstein says. “The integration process into our environment was simple and immediate. We are able to simply run security scans, whilst also having the platform create a full security pdf report for management and our compliance records”.
MedFlyt is a real time staffing platform for the homecare industry, reducing staffing time from hours to minutes, suggesting the best match between caregivers and patients, streamlining homecare agency operations.