FTP HOSTING – HIPAA Statement
NOTE: This HIPAA Statement is current as of February 16, 2019.
CyberLynk provides multiple safeguards to our HIPAA sensitive customers, including:
1) Our servers are all located in highly secure data centers, thereby making it impossible for equipment (such as a hard drive containing medical data) to be stolen.
2) Our servers do not accept Anonymous-FTP connections, the most common hacker method of seeking out an FTP site for possible attack.
3) FTP username and password is required.
Important Note – Password creation is your responsibility. We recommend that you make all passwords difficult to crack and follow reasonable standards for password security. Contact support for recommendations.
4) We offer the use of 128-bit transfer encryption via two methods:
- “FTP over HTTPS (SSL)” – requires the use of the CyberLynk’s browser-based java applet.
- “FTPS (SSL)” – requires the use of software with a setting/feature of “FTPS” (Implicit or Explicit)
Important Note – It is suggested that your users exclusively connect via one of the above methods supporting encryption.
5) We proactively monitor and react to intrusion attempts into our systems through the use of a sophisticated Intrusion Detection System (IDS) and multiple operating system level security tools.
6) No copies of your files reside on any offsite or long-term storage media. We only backup your data nightly for disaster recovery purposes. No tapes are used and this data never leaves the building. In addition, backups are overwritten the next day.
1) CyberLynk is not considered a “Business Associate” and is not itself subject to HIPAA regulations. In practical terms, we are not a Business Associate because we are nothing more than the electronic equivalent of a courier or delivery service.
2) CyberLynk considers its services “HIPAA Ready,” and proper use of the tools we provide should meet your needs of HIPAA compliance, however you should consult your own attorney in that regard.
3) This information is general in nature and should not be relied upon as legal advice. We also recommend a look at http://www.hipaadvisory.com