Challenge
- Stringent HIPAA laws require that companies working with personally identifiable information (PII) and protected health information (PHI) keep that data secure.
- Like many fast-growing tech innovators, Springbuk relies on Slack for their internal communications and needed a cloud-native solution that could accurately detect and limit inappropriate PHI exposure.
Solution
- Nightfall for Slack helps Springbuk identify potential data exposure risks at scale without disrupting existing workflows.
HIPAA compliance at scale to secure internal communications
Springbuk Security Coordinator Chris Morrison saw Nightfall’s Slack data loss prevention (DLP) functionality as an easy-to-use and effective way to protect sensitive customer data while still allowing Springbuk employees to use Slack to maintain productivity.
Springbuk’s value to an organization lies in helping it leverage disparate sources of data. The company encourages smarter use and deeper understanding of health-related data, allowing organizations to take a more proactive approach to employee benefits. All this data, and especially the types of sensitive data in play, makes strong digital governance a chief concern for Springbuk.
“Maintaining HIPAA compliance is of the utmost importance to Springbuk,” says Security Coordinator Chris Morrison. The company’s reliance on Slack could mean increased exposure to data leakage since Slack does not provide DLP out of the box. But with Nightfall, Morrison and the rest of the Springbuk team can focus on what they do best, without worrying about security gaps.
Slack is a tech industry standard for internal communications for a good reason. The instant transmission of messages is great for helping employees stay on top of tasks and communicate effectively with their peers. But each message can carry data across the entire employee network, posing threats to information security every time a user hits the send button.
DLP ensures that confidential information, like social security numbers or protected health information, isn’t shared. Since Slack lacks built-in DLP functionality, the Springbuk team needed a third-party DLP solution for Slack. Nightfall was the right fit.
“Working with Nightfall gives our customers confidence that we take data protection very seriously.”
Chris Morrison
Security Coordinator
Solution: Nightfall's out-of-the-box PHI & PII detectors
Springbuk relies on Nightfall’s support for compliance with regulatory regimes like HIPAA and on Nightfall’s ability to scan automatically with 100+ detectors for PII data, ranging from credit card numbers to IP addresses.
“The customer service and responsiveness from the Nightfall team have been great for us.”
Chris Morrison
Security Coordinator
For Morrison and his team, ease of use is the feature that matters most. “We have plenty to do to maintain our security standards,” he says. “Nightfall's ability to detect and then automatically respond to the appropriate party is huge for us. I can look at the analytics to find issues, trends, and other data.”
Time saved is money saved
Springbuk uses Nightfall’s Slack DLP to shore up its defenses against data loss through internal communications. Morrison’s team relies on Nightfall every day to protect PHI data for their customers and to save time and money for Springbuk. “A data incident could cost our company reputationally and financially,” he says. “The ease of use and automated processes save our security team many hours that would be spent researching and responding to potential data incidents in Slack.”
“Nightfall helps protect us from dealing with data breaches which can totally devastate a business.”
Chris Morrison
Security Coordinator
Healthcare tech companies need a DLP solution that understands the unique challenges of working with PHI and the nuances of regulatory regimes like HIPAA. Springbuk can continue to grow and innovate without worrying about data loss or other data security issues.