Linus Health x ScaleSec Client Story

Linus Health

Building a Hardened Environment and a HIPAA-Based Security Program for Health Assessment Platform
INDUSTRY: Healthcare
PRODUCTS: Cognitive health assessment platform
LOCATION: Renton, WA
ANNUAL REVENUE: $28M


PLATFORM: AWS

ASSIGNMENT

Implement a comprehensive, HIPAA-based cloud security solution, including the launch of a security and compliance management program, cloud platform preparation, and development of a hardened configuration baseline for cloud workloads.

Project Challenges

Alzheimer’s and dementia deaths in the U.S. have increased 16% during the COVID-19 pandemic, according to the Alzheimer’s Association. As dementia grows to more than a million diagnoses per year in the U.S. alone, the need for improved screening and monitoring tools has never been greater.

Linus Health believes it can help to address this urgent need by both growing its cloud team and preparing its cloud platform for the broader healthcare market–and it chose ScaleSec to support its expansion.

Overview

Linus is a robust, multimodal platform for brain health screening and monitoring. The platform assesses cognitive and motor functions using data collected from smartphone or tablet sensors. These measurements are input to patented machine-learning technology that produces a report classifying the patient’s cognitive status.

Insight

Linus Health closed a $55 Million Series B investment to grow its team and accelerate the development of its platform. As part of these plans, Linus Health engaged ScaleSec to build a hardened cloud environment to support the next-generation platform and launch a HIPAA-based security program for ongoing management and increased security and privacy protection.

Services Provided

ScaleSec collaborated with Linus Health to design and implement a comprehensive cloud security solution, including the launch of a security and compliance management program, cloud platform preparation, and development of a hardened configuration baseline for cloud workloads. To maintain velocity and simplify hiring, the team referenced well-known standards, tools, and best practices for every layer of the solution.

(1: Program)


The security management program launch included selecting a security control framework, drafting policy templates to support the framework, and documenting responses for security controls.

The team adopted controls from NIST 800-66 and tailored them to suit a commercial organization. NIST 800-66 provides prescriptive guidance and controls for the HIPAA Security Rule. All controls were mapped to SOC 2 criteria to support future competitive compliance endeavors.

(2: Platform)


The team launched a new AWS Organization using AWS Control Tower to create a landing zone for all AWS accounts. Guardrail policies were configured to ensure adherence to company policy. The new AWS Organization was designed by tailoring recommendations from the AWS Security Reference Architecture, including setting up centrally managed security capabilities like logging collection, monitoring, and identity management.

Linus Health uses AWS Config to manage inventory, AWS Security Hub to manage security findings, and AWS GuardDuty for threat detection. Further, the team configured AWS CloudTrail for activity logging, VPC Flow Logs for network activity, and IAM Access Analyzer to manage externally exposed resources.

(3: Workload)


Protecting workloads and customer data is a critical step in setting up a security program. Accordingly, the companies collaborated on a detailed data flow diagram to understand system boundaries, use cases, user personas, and data types to be protected.

To further accelerate innovation, the team used HashiCorp Terraform to create templates for common patterns used by the company’s developers and data scientists. All infrastructure as code (IaC) configurations were hardened to the NIST 800-66 controls for the HIPAA Security Rule.

While the project was underway and meeting milestones, Linus Health hired new employees and added them to the team. Because ScaleSec used best practices and industry standards easily recognizable by each new hire, the onboarding process was straightforward.

"We are very happy with our decision to engage with ScaleSec. They were easy to work with, and allowed our leadership to focus on our strategic quest to enable precision brain health for all patients living with dementia."
John Langton, CTO | Linus Health

Results / Impact / Highlights

With a five-week investment, the Linus Health team now has an extensible, scalable security program. They can now proceed with increased focus on their core mission to build and extend their platform to help improve brain and mental health outcomes for people everywhere.

Key design decisions that helped Linus Health maintain momentum include:

Adopt proven frameworks, standards, and controls. Creating custom controls is time-consuming and largely unnecessary compared to selecting and tailoring existing controls.
Use managed cloud services for system components that do not require extensive customization, like message brokers.
Start with a modest scope and depth for compliance and security capabilities. Expand and improve over time.
Accelerate HIPAA compliance by configuring and hardening HIPAA-compliant cloud services.

About Linus Health

Linus Health is a digital health company committed to optimizing brain health outcomes with unique, meaningful insights and interventions. The company harnesses the power of artificial intelligence combined with neuroscience technology and human expertise to objectively quantify individuals' cognitive health and streamline and guide decision making across the care team. Its robust multi-modal platform of scientifically-validated tools is used by world-class research institutions, by industry-leading therapeutics companies, and by clinicians and communities caring for older adults.

About ScaleSec

ScaleSec is a service-disabled, veteran-owned small business (SDVOSB) for cloud security and compliance that helps innovators meet the requirements of their most scrutinizing customers. We specialize in cloud security engineering and cloud compliance. Our team of experts guides customers through complex cloud security challenges, from foundations to implementation, audit preparation and beyond.
