Security FAQs
- Claudio Menegusso
back to index | back to cyber security
- 1 What are the key security measures built into your system?
- 2 What are the resilience features built into your system?
- 3 Do you encrypt data at rest?
- 4 Where are your servers located?
- 5 How do you backup data?
- 6 Do you support Single Sign-On (SSO)?
- 7 Do you support EMR integration?
- 8 Do you have a machine-readable SBOM of all software used in your system?
- 9 How do I recover the device configuration?
- 10 How are forensic log files collected and managed?
- 11 Is there an anticipated cyber-security end of support and end of life?
What are the key security measures built into your system?
Segregated databases for each client
Dedicated and separate AWS infrastructure per client that handles PHI data.
Private public encryption key schema for PHI data where B4C cannot access it. Only clients in an active user session can do it via dedicated AWS infrastructure.
Client defined auto logoff policy for user session inactivity
Client defined auto user suspension policy for an inactivity period
Client defined password policy
Client defined data purge policy
Full system audit log for over 30 user operations
What are the resilience features built into your system?
Infrastructure Resilience
Our system has been built in a robust and resilient way using scalable cloud infrastructure that adapts according to demand as well as geographically separated redundancies.
In our application, in the event of a communication failure with the cloud, the mobile app temporarily stores data and sends it to the cloud as soon as the failure is resolved.
Communication between the sensor and the application is checked for packet validation and packet loss.
Noise interference resilience
Our system is engineered to ensure high resilience and reliable performance in the presence of noise and environmental interferences that could affect electronic components and data communication. Noise mitigation resilience points are:
Sensor Resilience: Comprehensive Electromagnetic Compatibility (EMC) testing in accordance with the IEC 60601-1-2 standard, demonstrating that they are not susceptible to noise interference from other devices, nor do they generate noise that could affect other systems. These tests ensure that the sensors maintain their functionality and accuracy, even in environments with high levels of electronic noise.
Communication with Mobile Devices: Communication between the sensors and mobile devices is established using Bluetooth 5.0, chosen for its advanced noise mitigation capabilities. In dense environments, where many devices operate on the 2.4 GHz frequency, both Bluetooth and Wi-Fi connections can be impacted. However, Bluetooth 5.0 and Wi-Fi incorporates robust techniques such as channel hopping and other mitigation strategies to maintain stable and reliable communication. These techniques are detailed in our wireless coexistence document, which describes how our system minimizes interference and maintains the integrity of transmitted data.
Do you encrypt data at rest?
YES. All PHI (protected health information) is encrypted at rest. This data is encrypted at source using the public key from a client-specific public-private encryption key schema. Only our clients, in an active user session, can access PHI data that is served via a dedicated client AWS infrastructure that brain4care does not have access to.
Where are your servers located?
For US customers, all servers are located in the US territory.
How do you backup data?
All data is stored in our HIPAA-certified cloud infrastructure with daily backups.
Do you support Single Sign-On (SSO)?
Yes. The B4C System has SSO capabilities to integrate with customer's AD (Active Directories) to allow for seamless and secure system login. This functionality is included via joint brain4care and client IT team project.
Do you support EMR integration?
Yes. The B4C System has secure APIs to integrate with the customer's EMR (Electronic Medical Record) to allow for seamless and secure clinical information flow. This functionality is included via joint brain4care and client IT team project.
Do you have a machine-readable SBOM of all software used in your system?
Yes. Such requests should be sent to security@brain4.care or via requests using our help.brain4.care portal.
How do I recover the device configuration?
Only brain4care authorized representatives have access to and are allowed to view, manage, and change device configurations. In the B4C System’s case, the above-mentioned configuration is for the sensor itself.
How are forensic log files collected and managed?
Forensic data at brain4care is collected in two ways:
Through cloud infrastructure services: logs of cloud administrators' operations, web server logs, script logs, processing logs, and metrics.
Through software developed by brain4care: activities of "Account Managers" and "Healthcare Professionals", and logs of administrators' and super administrators' activities.
Infrastructure logs are kept for at least two years on brain4care's own cloud infrastructure and are restricted to authorized internal users. We use analysis software to monitor the logs.
Logs of "Account Managers" and "Healthcare Professionals" are stored separately in the cloud infrastructure dedicated to each brain4care client organization. Data is stored for at least 2 years. brain4care administrators and the organization have access to the logs through the portal interface.
No sensitive data is stored.
Is there an anticipated cyber-security end of support and end of life?
No. brain4care is fully committed to cyber-security coverage throughout the period of any user actively using the B4C System
Â
Copyright © 2020 - 2024 Braincare Desenvolvimento e Inovação Tecnológica S.A. All rights reserved.