Security Overview

MedStack Security Program

Monitored SIEM

MedStack's SIEM (Security Information and Event Management) ingests log sources and correlates them with events from our Intrusion Detection System (IDS) and File Integrity Monitoring (FIM). It is integrated with MedStack's on-call engineer alerting tools.

MedStack logs and event monitoring data are segmented by customer.


24/7 Intrusion Detection System Monitoring

Our SIEM is monitored by designated on-call production engineers, and critical IDS/FIM event alerts are actively triaged by a 24/7 SOC team. We may contact you about activity if we conclude that something looks abnormal.

Third-party verified

MedStack undergoes annual audits and works with third-party vendors to maintain our security and compliance posture.

SOC 2 Type 2 Report

We work with an independent auditor to maintain our SOC 2 Type 2 report.

Security Assessments

We complete annual third-party penetration testing by qualified assessors.

TRA and PIA

Our Privacy Impact Assessments (PIA) and Threat Risk Assessments (TRA) are done regularly by third parties. We use these to spot potential weaknesses and help prevent, or reduce, harmful outcomes.

Intentional product design

MedStack is intentional about the security and compliance that gets baked into our platform.

Activity logs

Know who did what and when with the user activity log.

Authentication security

  • Two-factor authentication (2FA) is enforced on all accounts
  • Passwords must be at least 8 characters long
  • Password reuse is not allowed
  • Password complexity rules (e.g. requiring at least one uppercase, lowercase, numeric and special character) are not imposed on MedStack Control. This follows NIST guidance (SP 800-63B), which recommends that verifiers not impose composition rules.
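The password rules above (8-character minimum, no reuse, no composition rules) are the verifier-side checks NIST SP 800-63B describes. The following is an added example of how such a check is implemented; it is not MedStack Control's own code, and the function names, the PBKDF2 history format and the sample blocklist are assumptions for illustration. It goes one step beyond the page by screening candidates against a list of known-breached passwords, which SP 800-63B also calls for.

```python
import hashlib
import hmac
import os
from typing import Iterable, List, Optional, Set

# Added example, not MedStack Control's code. Names and storage format are
# assumptions chosen for illustration.

MIN_LENGTH = 8
SALT_LEN = 16
# Kept modest so the example runs quickly; raise it in production
# (OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256).
PBKDF2_ITERATIONS = 100_000

# Constructed sample of a breached-password blocklist (real deployments use
# a large list or a k-anonymity lookup against a breach corpus).
BREACHED_PASSWORDS: Set[str] = {"password", "12345678", "qwertyuiop", "letmein1"}


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(password) for storage in the history."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return salt + digest


def matches_stored(password: str, stored: bytes) -> bool:
    """Constant-time comparison of a password against a stored salt || digest."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def validate_new_password(candidate: str, history: Iterable[bytes],
                          blocklist: Set[str] = BREACHED_PASSWORDS) -> List[str]:
    """Return the list of policy violations; an empty list means accepted.

    Deliberately absent: any uppercase/digit/symbol composition rule, which
    NIST SP 800-63B recommends against. Length is counted in characters,
    not bytes, so an 8-character non-ASCII passphrase is accepted.
    """
    problems: List[str] = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in blocklist:
        problems.append("appears in breached-password list")
    # Reuse check: compare against every previous hash, each with its own salt.
    if any(matches_stored(candidate, old) for old in history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    previous = [hash_password("old-passphrase-1"), hash_password("old-passphrase-2")]
    for pw in ("old-passphrase-1", "short7!", "Password", "correct horse battery"):
        print(repr(pw), "->", validate_new_password(pw, previous) or "accepted")
```

Storing only salted PBKDF2 digests of previous passwords means the reuse check never needs the old cleartext, and the constant-time compare avoids leaking how far a guess matched.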

Firewalls

Network-based Application Firewalls

Network-based firewalls identify unwanted applications or services running on a non-standard port and detect when an allowed protocol is being abused. MedStack has network-based firewalls enabled and configured for all customer virtual networks and servers.

  • DDoS protection
  • IP spoofing protection

Host-based Application Firewalls

MedStack has host-based firewalls enabled and configured for all customer virtual networks and servers.

  • Real-time IDS/FIM system
  • Firewall (IP packet filtering rules)


Web Application Firewall (WAF)

MedStack does not provide a WAF. Many customers have successfully deployed ModSecurity as their WAF engine of choice in front of their own applications.

Ciphers and TLS version

Enabling the Most strict option for a load balancer within MedStack enforces the use of strong ciphers and current TLS versions. This is recommended for all applications, and in particular for PCI DSS compliance.
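What "strong ciphers" means in practice is a TLS 1.2+ minimum and a cipher list limited to forward-secret AEAD suites. The following is an added example, not MedStack's load balancer configuration, showing such a policy expressed as a Python ssl server context and an audit function that flags anything a strict policy should not offer. The cipher string, the audit rules and the constructed legacy sample are assumptions for illustration.

```python
import ssl
from typing import Dict, List

# Added example, not MedStack's configuration. The cipher string and audit
# rules below are assumptions chosen to illustrate a strict TLS policy.

# Forward-secret AEAD suites only; OpenSSL adds the TLS 1.3 suites on top.
STRICT_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!PSK"

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}
WEAK_TOKENS = ("RC4", "DES", "NULL", "MD5", "EXP", "PSK", "ADH", "AECDH")


def strict_context() -> ssl.SSLContext:
    """Server context equivalent to a 'strict ciphers' load balancer setting."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRICT_CIPHERS)
    # Honour the server's order so a client cannot steer negotiation to the
    # weakest suite both sides happen to support.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def weak_ciphers(ciphers: List[Dict]) -> List[str]:
    """Return the names of offered ciphers that violate a strict policy.

    Input is shaped like ssl.SSLContext.get_ciphers(): each entry has at
    least 'name', 'protocol', 'aead' and 'strength_bits'.
    """
    flagged = []
    for c in ciphers:
        name = c["name"]
        # ECDHE-* suites and the TLS 1.3 TLS_* suites are forward secret.
        forward_secret = name.startswith(("ECDHE-", "TLS_"))
        if (c["protocol"] in WEAK_PROTOCOLS
                or not c.get("aead", False)
                or c["strength_bits"] < 128
                or not forward_secret
                or any(tok in name for tok in WEAK_TOKENS)):
            flagged.append(name)
    return flagged


# Constructed sample of a permissive cipher list, in get_ciphers() shape,
# so the audit can be exercised without a legacy OpenSSL build.
LEGACY_SAMPLE = [
    {"name": "ECDHE-RSA-AES128-SHA", "protocol": "TLSv1",
     "aead": False, "strength_bits": 128},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3",
     "aead": False, "strength_bits": 112},
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "aead": True, "strength_bits": 256},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "aead": True, "strength_bits": 256},
]


if __name__ == "__main__":
    print("legacy sample flags:", weak_ciphers(LEGACY_SAMPLE))
    ctx = strict_context()
    print("strict context flags:", weak_ciphers(ctx.get_ciphers()))
    print("strict context offers:", [c["name"] for c in ctx.get_ciphers()])
```

The same audit function can be pointed at a scan of a live endpoint: collect the suites the load balancer actually negotiates and feed them through `weak_ciphers` to confirm the strict setting took effect, rather than trusting the configuration alone.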

Infrastructure security

  • Hosted on leading cloud infrastructure providers (Amazon AWS and Microsoft Azure) with signed and inheritable business associate agreements
  • Media destruction is handled by the cloud providers, so your data is purged or destroyed according to NIST SP 800-88, Guidelines for Media Sanitization
  • We deploy using Infrastructure as Code (IaC)
  • All infrastructure changes are peer reviewed and scanned for vulnerabilities
  • Managed firewall and load balancer
  • Encryption for all data at rest
  • Self-service maintenance tools

Code security

  • All code is peer reviewed before it is merged
  • Every change must pass an extensive test suite and all security checks before it can be merged
  • Our third-party libraries are scanned for vulnerabilities as part of our CI/CD pipeline
  • Our development culture is one of continuous learning and sharing

Organizational security

  • Robust information security policies and procedures
  • 2FA enforced company-wide
  • Background checks
  • Physical security keys used where possible
  • Vendor risk management
  • Ongoing security education, incident response training, and awareness training
  • External security assessments
  • Mobile device management (MDM)
  • Endpoint detection and response (EDR)

Report a security issue

Notice something that doesn't seem right? Submit a request.