LifeOmic offers customers $1 million guarantee it will block cyberattacks

The genomic data management company will reimburse its customers up to $1 million for certain data loss associated with unauthorized account activity.
By Jessica Davis
12:20 PM

LifeOmic, a genomic data management company, will reimburse its customers up to $1 million for loss of data caused by unauthorized account activity. Credit: LifeOmic

LifeOmic announced Tuesday that it will offer its healthcare customers a guarantee that private data stored in the cloud is protected from cyberattacks.

Under the guarantee, the genomic data management company will reimburse its customers up to $1 million for certain loss of data caused by unauthorized account activity. The guarantee is offered in addition to LifeOmic’s HIPAA and Business Associate Agreement obligations.

[Also: Indiana U, Regenstrief join forces with LifeOmic to create 'data commons' for genomics]

LifeOmic will be responsible for any financial extortion payment or service reimbursement up to $1 million. LifeOmic Founder, CEO Don Brown, MD said that this doesn’t cover damages done to systems outside of the company’s control, as that amount can be hard to quantitate.

“However, please keep in mind this is the first iteration of the program (and industry-first), and as a result we’re learning as we go,” said Brown. “It’s safe to say we may expand coverage as the program matures to systems compromised as a direct result of the LifeOmic PMP being hacked.”

[Also: The biggest healthcare breaches of 2017 (so far)]

The guarantee also covers misconfigured buckets, as long as it’s an error made by LifeOmic and not a customer action.

All active LifeOmic customers are eligible, and new customers will be automatically covered at the start of service. The guarantee is offered at no extra charge and will cover the event a customer’s data becomes unrecoverable or data integrity are irreversibly compromised due to a breach.

However, customers must take reasonable actions to maintain protection and will be required to implement LifeOmic’s recommended security practices to qualify for the guarantee.

Those practices include: never sharing account access information like usernames, passwords or answers to security questions with any third party -- unless needed as part of permitted use or if they’re subjected to confidentiality obligations, said LifeOmic CISO Erkang Zheng.

Further, customers must use password and account name unique for their LifeOmic account and use multi-factor authentication or multi-step verification whenever possible.

To LifeOmic, it’s imperative to keep “data ultra-secure, and our cloud platform was specifically designed from the ground up to meet modern cybersecurity needs and be protected from whatever virus, malware or hacker might come for it,” said Brown, in a statement.

“It’s extremely difficult to keep up with all the places where health IT infrastructure can be breached,” said Zheng, in a statement.

But Zheng said, the company is trusting in its cloud-native architecture that was built with a zero trust model and air-gapped production environment to protect customer data. Further, LifeOmic’s extensive automation ensures all customer accounts are centrally monitored and audited.

“Any potential vulnerability is immediately alerted and remediated across the platform,” said Zheng. “Cybersecurity-hardened solutions are no longer nice-to-have but have become critical and fundamental so healthcare IT departments can more easily and comprehensively protect patient data.”

Twitter: @JessieFDavis
Email the writer: