Innovation in clinical genomics starts with DLP for Boston Lighthouse
HQ Location: Cambridge, MA
John Greeley, Head of Engineering
Boston Lighthouse Innovations is a start-up that offers a clinical genomics solution suite with processing and reporting workflows for patient diagnostics. The nine-person team grew out of Massachusetts General Hospital’s molecular pathology department, which uses genetic data to diagnose cancer. Boston Lighthouse creates software for precision oncology medicine diagnostics and works side-by-side with Mass General Hospital’s Center for Integrated Diagnostics to help set up clinical sequencing labs throughout the world.
As a software solutions provider for next-generation cancer diagnostics and patient care, Boston Lighthouse works cross-functionally with clinicians, pathologists, bioinformaticians, data scientists, and software engineers to build big-data integration systems and decision support tools. Their machine-learning-based tools are in everyday use for a wide range of clinical applications, like laboratory workflows, analytics, clinical decision support, and reporting.
When it comes to cancer, every second counts. Testing, diagnosis, treatment, and long-term patient care can’t wait. The Boston Lighthouse team adopted Slack as their internal communications tool for fast collaboration. They needed a DLP solution to protect sensitive patient data from being lost or used outside the organization. Nightfall provides the automated DLP support Boston Lighthouse was looking for.
Securing PHI in Slack across the organization
John Greeley leads engineering for Boston Lighthouse. His team is responsible for developing and maintaining the software that assists Boston Lighthouse’s clients in their oncology therapy and diagnostics. Their software operates entirely in the cloud, which allows fast collaboration with their clients and rapid communications within the team.
Boston Lighthouse has a potentially much larger reach outside of New England thanks to their acquisition by Oncoclinicas, the largest cancer clinic in Brazil. With the expansion of new genetic tests on their mind, protected health information (PHI) security is a main concern.
“We aim to live up to HIPAA regulations because as of now, there isn’t an equivalent law in Brazil to protect PHI,” says John. “We’re using HIPAA as our compliance standard for our Slack Enterprise instance. That’s the main reason why we started looking into Nightfall for DLP.”
Slack does not support HIPAA compliance out of the box. Boston Lighthouse needed a DLP provider to ensure patient PHI would not be improperly shared within their internal communications. “All our engineers use Slack,” says John. “Nightfall looked like the easiest choice to secure PHI.”
“We use Slack extensively. In order to be HIPAA compliant in Slack, we needed a DLP provider. Nightfall was the easiest choice that fit the bill, and provides everything we wanted to do with DLP.”
Putting functionality first for secure communications
HIPAA compliance was what first drew John to Nightfall, but once the tool was up and running within the Boston Lighthouse team, they saw other ways that DLP boosted their security posture.
“Now that we have access to Nightfall features, we can apply DLP to occasions when the software is developed at Mass General and a medical record number or other PHI might end up in a data repository,” says John. They can track where sensitive data, like names combined with medical record numbers, sits within their system and delete it before it can get exposed or leaked.
“Nightfall is easy to use,” John says. “We get alerts when certain identifiers show up in Slack, like a Social Security number. From there we can set the Nightfall bot to automatically delete messages containing data that’s too high risk, or make users aware that they’re sharing a file that contains PHI.”
What began as looking to avoid red tape from operating without HIPAA compliance in Slack became a true DLP solution for Boston Lighthouse. With Nightfall in place, John and his team can confidently continue working across departments to build better software and support more advanced oncology testing and treatment.
“Nightfall alerts notify us when specific identifiers are shared improperly, like a Social Security number. We can take actions like automatically deleting a risky file or message, or notifying users when files contain PHI.”
The proof is in the protection
DLP compliance in Slack allows Boston Lighthouse to stay agile and innovative. The engineering team has greater visibility into potential security incidents before they happen with the Nightfall bot, and they can maintain autonomy over their IT realm by staying HIPAA compliant in Slack.
“If we can maintain our compliance and security posture independently and prove it to our parent company, that’s a significant advantage for us,” John says. “Nightfall helps us maintain control over which IT tools we can use, even as we’re part of a larger organization.”
A stronger security posture with Nightfall means that Boston Lighthouse can focus on developing new ideas in clinical genomics software instead of worrying about unchecked data leakage and potential PHI exposure.
“We’re able to clearly show our PHI security best practices with Nightfall,” John says. “We can avoid time-consuming audits that would slow down our productivity and our value to our owners and also our future business plans.”
Boston Lighthouse’s cloud DLP needs are covered in Slack. As the Nightfall product offerings expand, we’ll be there to cover their other DLP needs in code repos, project management tools, and cloud drives. We’re proud to support an innovator in the biotech field that’s contributing to the fight against cancer.
“Nightfall helps us avoid costly and intrusive audits. We can prove that we are following best practices with HIPAA in Slack. Our productivity and value to our clients isn’t impacted, and we can grow our future business plans.”
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform.