Galileo Health Maintains HIPAA Compliance Across Slack and GitHub with Nightfall
Company: Galileo Health
Michael Supon, Head of Security and Compliance
Galileo Health has an ambitious mission: to improve the quality and affordability of healthcare for all. Leveraging a digital platform and a unique, multi-disciplinary care management system, Galileo provides an effective, scalable solution for delivering medical care to complex and underserved populations. The New York-based startup has seen incredible growth since its inception in 2018, with over 55,000 downloads of the Galileo mobile app and overwhelmingly positive reviews online.
In addition to navigating the rapidly-changing technology landscape, healthcare startups must contend with a myriad of regulations in order to operate. HIPAA (the Health Insurance Portability and Accountability Act of 1996) requires especially stringent safeguards for patients’ private information. Michael Supon, Galileo’s Head of Security and Compliance, was no stranger to the challenge of maintaining HIPAA compliance across an entire organization. With years of experience in healthcare technology, Supon knew that his team needed an automated solution to protect against potential data breaches.
At his previous company, Supon had discovered the perfect option for comprehensive, automated HIPAA compliance: Nightfall. Providing data loss protection (DLP) across applications including Slack, GitHub, and AWS, Nightfall proved to be an ideal solution for the Galileo team’s needs.
“Nightfall’s ease of setup and accuracy of identified data are both on point.”
Enterprise Slack DLP functionality
Powered by machine learning, Nightfall’s Enterprise plan continuously protects all of Galileo’s Slack messages and files against breaches of sensitive information. Using a three-stage approach—Discover, Classify, and Protect—Nightfall automatically scans for over 25 PII (personally identifiable information) and PHI (protected health information) detectors, without any need for fine-tuning or tagging.
Supon particularly appreciated Nightfall’s ability to customize the response to potential leaks. “The Slack options are very versatile and can be set for the level of enforcement that our policies and procedures mandate,” Supon notes. Depending on the type of information, Supon can manually quarantine the data or use automated workflows to save time.
Automated GitHub protection
Eliminating unnecessary manual activity was a top priority for Supon and his team. “We checked for credentials and data patterns during pull requests in GitHub, but nothing was automated,” Supon remarks. Not only did Supon and his team have to spend countless hours monitoring Galileo’s GitHub repositories, but they also risked leaks of sensitive information in between pull requests. Radar, Nightfall’s GitHub solution, solved both of these problems with ease.
Radar scans public and private GitHub repositories for sensitive credentials and secrets, such as API keys for AWS, Twilio, or Stripe. Unlike traditional approaches, such as regular expressions or high-entropy string detection, Radar’s machine learning can discover a very broad set of secrets without needing to specify what types of keys or credentials to quarantine. As a result, Supon and his team have a larger umbrella of protection with more accurate, less noisy results.
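The regex-and-entropy baseline that the paragraph contrasts Radar with, as an added example that is not Nightfall's or Galileo's code: a minimal pre-merge check combining one precise pattern rule (AWS access key ids) with the generic high-entropy string heuristic. Run over constructed sample lines, it shows why the heuristic is noisy: a pinned commit hash trips it just as a real token does. All sample values are constructed, except the AKIA value, which is AWS's published documentation example key.

```python
import math
import re

# Constructed diff-style lines such as a pre-merge check might see. The AKIA
# value is AWS's published documentation example; the other values are made up.
SAMPLE_LINES = [
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'twilio_auth_token = "b8f2c4e9a1d7f3e6c5b4a9d8e7f6c5b4"',
    'pinned_commit = "3f9a1c7e2b8d4f60a5e19c3b7d2f8e4a6c0b1d93"',  # a git pin, not a secret
    'greeting = "hello world"',
]

# Precise rule: AWS access key ids start with AKIA followed by 16 uppercase letters/digits.
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Candidate tokens for the entropy rule: long runs of base64-alphabet characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Thresholds in bits per character: hex tops out at 4.0 and base64 at 6.0, so they differ.
HEX_THRESHOLD, B64_THRESHOLD = 3.0, 4.5


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (the 'high-entropy string' heuristic)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def scan_line(line: str) -> list:
    """Return (rule, token) findings for one line."""
    findings = [("regex:aws_access_key", m.group(0)) for m in AWS_KEY_RE.finditer(line)]
    for m in TOKEN_RE.finditer(line):
        tok = m.group(0)
        if AWS_KEY_RE.fullmatch(tok):
            continue  # already reported by the precise rule
        threshold = HEX_THRESHOLD if HEX_RE.fullmatch(tok) else B64_THRESHOLD
        if shannon_entropy(tok) >= threshold:
            findings.append(("entropy", tok))
    return findings


def scan(lines) -> list:
    """Scan many lines; returns (line_no, rule, token) triples, 1-indexed."""
    return [(i, rule, tok) for i, line in enumerate(lines, 1) for rule, tok in scan_line(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(hit)
```

Line 3 is the noise the text refers to: the entropy heuristic cannot tell a commit hash from a Twilio token, so a reviewer still has to triage it by hand.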
Safeguards against liability
In addition to improved productivity, the Galileo team also enjoys increased protection from the financial liability of a data breach. “The cost of a breach can be substantial,” Supon notes. “While we have not had a severe alert on data, it would cost $430 per patient record if there ever was one.” Given Galileo’s ever-expanding consumer footprint, fines for a breach could easily tally into tens of millions of dollars.
Deploying Nightfall has given the Galileo team and their customers an always-on ring of protection around one of their most valuable resources: their information.
“Nightfall has eased our collective mind.”
If you’re interested in learning more about Nightfall for Slack, you can view our Guide to DLP on Slack or schedule a brief demo with our team below.