I hope you are keeping well during this unprecedented time. I would like to update you on the steps that ...
Medical Management Systems’ Statement Regarding Cyber Security Risk Mitigation, 7th March 2022 Due to the conflict in Ukraine and the heightened threat level towards countries supporting Ukraine, the UK’s National Cyber Security Centre has asked all UK companies to stay alert and closely monitor their cyber security space. This statement addresses data security measures we are […]
Due to the conflict in Ukraine and the heightened threat level towards countries supporting Ukraine, the UK’s National Cyber Security Centre has asked all UK companies to stay alert and closely monitor their cyber security space. This statement addresses data security measures we are taking in light of the current situation.
What does this mean for you as a Meddbase user?
With regards to the use of Meddbase, and the security and backup of your data, nothing has changed.
Medical Management Systems runs the majority of operations from within the UK including UK customers’ data hosting – with additional hosting in the Republic Of Ireland, Canada and the USA serving customers in those geographical markets. Currently there are no specific threats to UK organisations, and Medical Management Systems is highly unlikely to be the target of any direct threats.
As an ISO 27001-certified provider, business continuity and data security is integral to our operations at all times and preparing for unforeseen circumstances is a standard element of our Infosec planning process.
How are we mitigating the heightened security risk?
Whilst we consider it highly unlikely for Medical Management Systems or our Meddbase product to become a specific target of cyber attacks, we are aware that services and infrastructure provided by our suppliers could potentially be disrupted. This includes business critical services such as internet service providers and data centres, which underpin the provision of Meddbase to our customers in the UK and overseas.
We would like to assure all our customers that we are closely monitoring the situation, are committed to following official guidelines and have policies in place to ensure continuity of operations based on several eventualities.
If one of our critical suppliers becomes unavailable, we have procedures in place to switch to a secondary provider with minimal interruption.Additionally, if one of our offices becomes unavailable, we have a secondary location acting as a ‘warm site’, which can be made fully operational within a few hours. Employees have the hardware and software capability to work from home whenever necessary.
We are aware that the current crisis is volatile and subject to change, and we are prepared to respond accordingly.
Meddbase – Key Security Facts
We have outlined a set of key points to pre-empt specific questions and concerns about the company, the product, and your data security at this time.
Backups
All client data (including but not limited to patient records, medical records, appointments, documents) continues to be replicated across our two Tier-3 data centres in close-to-real time. We take additional backups of data and systems’ configuration daily, encrypt them and store all data at separate locations ensuring failover options should an emergency situation arise.
Anti-malware
Our anti-malware solution is deployed to all endpoints on our network and scans all devices in real-time.
Firewalls
Our firewalls come with Unified Threat Management capabilities and include intrusion prevention and detection, web and application filtering, data loss prevention, network discovery among other precautions.
Vulnerability Assessments and Patch Management
All of our servers are regularly scanned for vulnerabilities. Outputs of these are analysed and fix roll-outs are prioritised based on criticality.
Monitoring
We have a range of network and hardware sensors with pre-defined thresholds that alert our Incident Response Team when any suspicious activity is spotted, or the moment any of our critical systems are down.
Please feel free to contact us
Should you have any further questions related to this statement or if you believe you have noticed something suspicious, please raise a ticket for Support Team as soon as possible via existing client communication channels.
We are committed to continuing to support our customers and we are always on hand to assist and respond to your concerns.
Will Temple
Managing Director
Medical Management Systems Ltd