Skip to content

Technology Virgin Pulse Announcements

Virgin Pulse Demonstrates Commitment to Data Security with Completion of HITRUST CSF Certification 

Healthcare data remains incredibly valuable, and companies that interact with it have legal, ethical, and moral obligations to keep it safe. Still, it is a top target for bad actors, with more than 590 organizations reporting healthcare data breaches to the HHS Office for Civil Rights in 2022. Collectively, these breaches impacted more than 48.6 million individuals, up from 40 million in 2021.i Data breaches are incredibly costly for companies, causing significant reputational and financial harm. 2022 was the twelfth consecutive year that healthcare had the highest average data breach cost of any industry at $10.10M – a whopping 42% increase since 2020.ii  

We are proud to share that Virgin Pulse has achieved HITRUST® Common Security Framework (CSF) Certification, the most comprehensive security framework currently available. This accomplishment demonstrates our company’s commitment to data security, and providing our clients with easy to use, reliable and secure collaboration.  

“Data is an important piece of what makes Virgin Pulse unique and powerful, so ensuring the confidentiality and security of our data and information assets is a critical responsibility. Our clients expect that we will meet industry compliance requirements, which are only increasing in complexity,” said Kris Kistler, chief information security officer, Virgin Pulse.  

Virgin Pulse has successfully completed the HITRUST validation and certification process across its entire platform environment, which now includes the integration of the APH and Welltok acquisitions – a monumental effort bringing together multiple companies with significant data assets. 

Virgin Pulse has also successfully completed several other certifications for the combined entity. These include the 2022 ISO-27001 Security Certification, an international standard that demonstrates the security of a company’s information assets, and the SOC2 Type 2 certification, which validates how well a company safeguards customer data and how well those controls are operating.  

“Kudos to the entire information security team at Virgin Pulse and others who were involved in achieving our HITRUST, SOC2 and ISO-27001 certifications. To successfully achieve these within a year of acquiring two companies with massive data stores as a combined organization is simply outstanding. Our current and future clients and partners should feel confident that working with Virgin Pulse means that the highest levels of security are being met,” Kris added.  

The HITRUST CSF consolidates and normalizes controls from over 40 regulatory standards, including ISO-27001, HIPAA, PCI, GDPR, NIST, AICPA, into a single point of reference. More information about Virgin Pulse’s HITRUST CSF, ISO-27001, and SOC2 certifications can be shared upon request.  

[1] Health IT Security, “This Year’s Largest Healthcare Data Breaches,” Dec. 20, 2022

[2] IBM’s Cost of a Data Breach 2022 Report