<img src="https://ws.zoominfo.com/pixel/cEO5AncHScwpt6EaX0mY" width="1" height="1" style="display: none;">
Skip to main content

Data Breach Defense Program for Health-ISAC Members

Executive Overview

 For Health-ISAC members that need to improve their data breach defense of PHI information NOW, this is a fast and pragmatic program for hospitals often with overloaded and overwhelmed IT organizations

About Celerium

Celerium has a rich 18-year history of providing cyber defense solutions. We supply cybersecurity solutions to the U.S. Department of Defense to help protect the Defense Industrial Base (DIB). We also support state and local government entities and small and medium-sized businesses. Now, we are working to apply our knowledge and insights to the hospital sector.  Our goal is to improve data breach defense for hospitals.

 Celerium is a US-based, privately held company with offices in Tysons Corner, Virginia and in Torrance, California.  

Our Program

For hospitals concerned about PHI data beach impacts on:

  • Patients: Theft of sensitive patient information, disruption of services
  • Hospitals and Executives: Most regulatory fines and class action lawsuits are related to "failure to protect PHI, ePHI, or patient data." Also, executives may be required to testify in depositions, in court, and in congressional hearings. Reduce your vulnerability by improving data breach defense of PHI data. 

Our Solution: Detect possible PHI data breach activity in your hospital systems, including legacy systems. Activate containment measures manually or automatically.

  • Empower Your Overloaded IT Staff: If you have a security operations center (SOC), help leverage their capabilities via a data breach SOC powered by Celerium's solution. If you don't have a SOC, you can also benefit from our easy-to-implement and run solution.
  • AI-Powered: Celerium's 2025 Data Breach Defense Program uses the power of AI in detecting PHI data breach activities. 
  • Scope of Coverage: Covers potential data breaches against hospital systems and servers. Scope does not cover medical devices (IOMT) or email systems.
  • Implementation: No hardware or software installs to hassle your overloaded IT staff; implementation time in 30 minutes or less.
  • Eligible hospitals can leverage the program for free for one year. 

Special Incentive Program for Health-ISAC Members

Hospitals can apply for a free subscription for 2 (two) configured firewall with a maximum EPS (events per second) of 1,000, which would run for one year. Participation in the program also includes: 

  • Join executive and technical briefings we will provide to participating hospitals starting in January 2025.

Why would Celerium provide a one-year free Data Breach Defense Program for Health-ISAC members? 

  • We know many hospitals are very busy and may not have time for the traditional process of trials, demos, procurement, and everything else. This program is designed for hospitals that have concerns now and want to act quickly.
  • Other vendors are also trying to help out cybersecurity in hospitals. We are also trying to help hospitals with our very pragmatic data breach defense solution
  • We also want to build our community of hospital participants so that we can privately and securely analyze and understand emerging data breach attacks.

However, there are limitations to the program:

  • When you apply for the free program, your hospital will need to be technically eligible in terms of the firewall technology that you use and that we support. The technical volume of your network traffic will also need to be matched with our capacity.
  • We have tried to create a very streamlined process involving no negotiations for contracts. We have a standard EULA. Because we access no ePHI data, don't use tracking pixels, and don’t use a broker with access to PHI data, we do not need to conform to HIPAA or HIPAA-related state regulations.
  • Hopefully you will not need to go through an internal procurement process for the free subscription, but if you do, be advised that we only support the AWS  Marketplace (including the AWS OMNIA contract) procurement vehicle at this time.
  • Should you want to add additional firewalls, general pricing is listed below. 

General Pricing for Celerium's Compromise Defender Solution

Our Data Breach Defense Program leverages Celerium's Compromise Defender solution. Beyond the first free firewall that hospitals may be eligible to use for one year, the standard pricing is listed below.

  • Compromise Defender – Single Firewall Solution
    • $25,000 per firewall per year*
  • Compromise Defender Solution Package
    • $60,000 for 3 firewalls per year*
  • Compromise Defender Advanced Solution
    • $115,000 for 6 firewalls*

*All pricing is dependent on the volume of traffic flowing through your firewall, specifically EPS (events per second). This is because we incur significant costs to process, store, and analyze data for higher volume (EPS) firewalls than for smaller ones.

Data Breach Defense Program for Protected Health Information -

Technical Overview

  • Detection – When threat actors break through an organization’s perimeter, they become intruders and start to steal sensitive patient data (e.g., PII, ePHI). Detecting data breach activity can take months, according to IBM and other sources. Celerium’s solution automatically detects malicious activity in several different ways. Malicious traffic that is trying to enter an organization’s network via the firewall is evaluated and scored via our Decision Engine running securely on the AWS cloud. This enables automated network defense, where firewall blocklists are re-optimized every 15 minutes. Detection of potential data breach activity is implemented via a range of proprietary mechanisms. Our solutions are engineered to detect both long term persistent data breaches as well as tactical "smash and grab" data breaches.
  • Legacy System Detection: Many hospitals have legacy systems with PHI data and are concerned about how to detect problems since they cannot install agents on those systems. The Celerium solution does not require the installation of any agents on any servers, including legacy servers, yet it is able to monitor potential malicious communication activity from those servers. 
  • Containment: Containment of PHI data breach activity can be activated manually or automatically.

Technology: The solution connects to an organization’s public-facing firewall and sends syslog data to Celerium’s proprietary Decision Engine, hosted on the AWS cloud, which analyzes data breach activity.

Data Privacy: Although we focus on the protection of PHI data, we do not access any PHI or ePHI data. We do not use tracking pixels. We have no patients who log onto our system. We work with no brokers or outside groups using ePHI data. Therefore, we do not believe we have any issue with HIPAA or state privacy regulations on PHI. The Compromise Defender solution does comply with the HIPAA security rule (secure in transit and encrypted at rest). We do comply with GDPR to protect PII data.

Sensitive Data: We do not access your data content or packets. The solution only analyzes syslog, layer 3 metadata.

Data Sharing: 

  • Encryption in Transit: Syslog data sent from customer firewalls to Celerium's Compromise Defender solution hosted on the AWS cloud is encrypted during transmission, provided that the firewalls support this feature. This ensures that data is protected while being transferred over the network.
  • Client Connection Security: The connection between clients and your SaaS solution is encrypted, which safeguards the data being transmitted between users and the application.
  • Encryption at Rest: All data stored within Celerium's Compromise Defender solution has encryption at rest enabled using AES-256 bit encryption.
Note: SOC2 Type 2 report can be made available upon request.

Implementation: Since we know your organization is very busy, we have engineered our solution to be easy to implement. No new hardware or software is required. The process involves configuring your firewalls to connect to the Celerium solution. We schedule a 30-60 minute meeting to guide you through the implementation.

FAQ

  • How many firewalls can be configured? If your organization is eligible for available free subscriptions in the Data Breach Defense Program, we allow two firewalls per organization. If you’re interested in purchasing additional licenses, contact info@celerium.com
  • Which firewalls do you support? The supported firewall list is available here.
  • Does the solution work with any firewall management systems? Currently, we can work with Palo Alto Panorama. Others are being researched.
  • Does your solution and the Data Breach Defense Program cover cybersecurity issues for medical devices (IOMT) and email systems? Our solution and program covers data breach defense for important patient data stored on servers behind hospital firewalls. It does not cover cybersecurity or data breach defense for medical devices or IOMT nor email systems.
  • How would your solution work with a SOC (Security Operations Center): For hospitals with a SOC, we know their staff are often overloaded with alert fatigue. Also, the detection and analysis of PHI data breach activity is much more complex than detection of individual incident sand events via a SIEM. Most SOCs don't have the time or resources to perform the big data analysis required for data breach detection. Our solution can help SOCs in the following ways:
    • PHI Data Breach Detection: We perform the big data analysis leveraging several cyber threat intelligence (CTI) feeds to automatically score threats so your team doesn't have to. 
    • Alerts and notification: We can alert your overloaded SOC staff about potential PHI data breach activity.
    • Analysis: If you have SOC analysts, they can use our solution along with our cyber threat intelligence (CTI) sources (Greynoise, Virus Total, and AlienVault OTX), to analyze threats. We will filter out most industry false positives.
    • Tactical Response (Containment): We provide surgical containment mechanisms to stop the PHI bleeding without having to shut down critical servers. 
    • Automation: Your staff has the option to active prevention measures, such as network defense, and containment measures.

  • If we don't have a security operations center (SOC), can we use Celerium's solution? Definitely! We work with many small and medium-sized companies. We realize that many small and rural hospitals may not have a SOC or even IT security staff. Our solution is engineered to be implemented in 30 minutes or less and does not require integration with other tools beyond the firewall (although integration is possible). The solution also has optional automated defense and containment measures. 
  • Will the solution provide any response functions?  Yes, hospitals can manually or automatically activate surgical containment, meaning it can narrowly contain data breach activity by blocking selected IP address. In responding to many security events, organizations typically need to use isolation-based containment which disconnects the system completely resulting in disruption to the business, patients, and partners. With the Celerium solution, the IT and management organizations can use isolation or surgical containment as appropriate. The Celerium solution does not replace isolation-based containment, it simply provides a complementary option.
  • Do you provide any human resources for response, IR, or managed services? No, but we will work with response vendors such as IR firms. 
  • What details can you tell us about your data breach detection technology? We implement a range of propriety detection technologies and are constantly evolving new technologies. 
  • How is AI used? Our 2025 Data Breach Defense Program uses AI to improve our detection of PHI data breach activity. Although the details regarding our use of AI are proprietary, we can say that detection of data breaches is a very complex task -- especially given the increasing creativity of threat actors and their evolving use of AI. 
  • Do you use CTI (cyber threat intelligence) into your solution? Absolutely! Our Decision Engine actively and automatically uses several CTI sources including commercial and open-source feeds.
  • What about integrations? 
    • If you are concerned about integration and integration fatigue, don't worry. You can use our solution out of the box. Our cloud-based Decision Engine is internally integrated with data collection, big data processing, CTI integration, threat scoring, notifications, manual and automated network defense, manual and automated surgical containment, and reporting dashboards and analysis reports. 
    • If you do want to integrate Celerium's solution with your security stack, you can do so via our feeds. 
  • What is your familiarity with cybersecurity compliance? We are familiar with most of the compliance frameworks such as CSF, CIS, ISO, HIPAA and others. Beyond that, we have a very detailed understanding of the NIST framework. Our team has implemented NIST 800-53 and NIST 800-171 internally. In the defense industry, the DoD created the CMMC framework for the defense industrial base (DIB). We are authorized by the DoD-affiliated Cyber Accreditation Body (Cyber AB) to provide CMMC educational content for use in training CMMC assessors.
  • What is Celerium’s cybersecurity posture as a company? Although it’s not appropriate for us to disclose all the details of our internal security mechanism, we can say that we implement industry best practices for:
    • MFA
    • Pen Testing
    • Encryption of data at rest and in transit
    • External Security Audits and review
  • How can we learn more about Celerium’s solution and the Data Breach Defense Program? We will offer webinars in the coming weeks to provide more technical and solution information. These webinars will include group demos so you can see the solution in action. You also can send us a question by emailing us at info@celerium.com.
  • I provide consulting to hospitals. How can I participate? The Data Breach Defense Program is limited to hospitals only.
  • How can I become a program participant? We’re excited to work with you! First, fill out this form. Then, we will ask you for your technical team to answer a few questions to ensure technical compatibility with our solution.