Invincea Receives Independent Validation for HIPAA and HITRUST Compliance

X by Invincea Next-Generation Antivirus protects healthcare organizations from malware and other endpoint attacks while meeting compliance requirements

Fairfax, VA – Feb. 28, 2017 – Invincea, the #1 performing next-generation antivirus company, today announced that X by Invincea has been independently validated to meet HIPAA and HITRUST compliance requirements.  The validation was completed by Coalfire, a leading independent industry provider of IT Security, governance, and regulatory compliance services.  Details were provided in a report completed by Coalfire.

“Healthcare is one of the most heavily targeted industries by malicious threat actors looking to exfiltrate or destroy sensitive information.  This vertical is particularly appealing to adversaries because they have sensitive ePHI, and rely on digital systems as part of patient care,” said Dean Mekkawy, Director of Product Management at Invincea.  “Unlike other industries, healthcare not only needs to protect data but data that is directly correlated to individual health conditions and ongoing care, making the availability and integrity of their data absolutely critical. We are pleased that Invincea has received this validation so customers can get the best endpoint security while meeting HIPAA and HITRUST standards.”

HIPAA is a 1996 United States law that provides data privacy and security provisions for safeguarding medical information. The HIPAA Security Rule specifies requirements for safeguarding ePHI, setting the standards for patient data security. HITRUST CSF establishes a unified framework for assessing a wide array of industries, including healthcare. The primary objective is to safeguard protected data during all phases of activity.

Coalfire has concluded that Invincea’s machine-learning-driven next-generation antivirus protection complies with nine HIPAA and HITRUST requirements, specifically:

  1. Risk Analysis – R 164.308(a)(1)(ii)(A) Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the covered entity or business associate.
  2. Risk Management – R 164.308(a)(1)(ii)(B) Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a).
  3. Information System Activity Review – R 164.308(a)(1)(ii)(D) Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
  4. Protection from Malicious Software – A 164.308(a)(5)(ii)(B) Procedures for guarding against, detecting, and reporting malicious software.
  5. Log-in Monitoring – A 164.308(a)(5)(ii)(C) Procedures for monitoring log-in attempts and reporting discrepancies.
  6. Response and Reporting – R 164.308(a)(6)(ii) Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and their outcomes.
  7. Evaluation – R 164.308(a)(8) Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and, subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, that establishes the extent to which a covered entity’s or business associate’s security policies and procedures meet the requirements of this subpart.
  8. Unique User Identification – R 164.312(a)(2)(i) Assign a unique name and/or number for identifying and tracking user identity.
  9. Audit Controls – R 164.312(b) Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

To download a copy of the HIPAA and HITRUST report, visit this link. To read a blog post about “Privacy and Security above all in the Healthcare Industry” from Invincea’s Dean Mekkawy, visit here. To learn more about Invincea or to take a free Test Drive, visit

About Invincea

Invincea is the #1 performing next-generation antivirus security solution in the industry. Inspired by work resulting from DARPA’s Cyber Genome program, X by Invincea stops unknown malware, ransomware, and file-less malware before it can impact an endpoint, without affecting business performance. Based in Fairfax, VA, Invincea proudly protects organizations across the globe and drives the highest level of transparency and accountability in the marketplace. For more information or to take a free Test Drive, visit

About Coalfire

Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, healthcare, retail, payments, and financial industries. Coalfire’s approach addresses each business’s specific vulnerability challenges, developing a long-term strategy to prevent security breaches and data theft. Coalfire has offices throughout the United States and Europe. For more information, visit

Invincea Public Relations Contact Information

Danielle Ostrovsky

Hi-Touch PR

*** This is a Security Bloggers Network syndicated blog from Invincea authored by Emily Zasada. Read the original post at: