Why Your Data Center Must Be Owned & Operated by U.S. Citizens

U.S. healthcare consumers’ data is too important to let it be exposed to foreign actors and threat vectors. Make sure your data center is 100% owned by U.S. citizens, and that only U.S. citizens operate and staff the data center. Doing so offers a vital layer of protection and allows for the protection of US law and data custody standards.

To be clear, it’s an imperative not driven by xenophobia or politics. Being U.S.-citizen-owned and operated is simply about making sure your data center’s owners don’t have a built-in incentive to compromise security, whether because of ties to overseas investors, links to foreign governments, or because their business is incorporated under another nation’s laws.

According to data service Statista, nearly 70% of web application attack traffic originates outside the U.S. — and the top foreign sources might be surprising: Netherlands (11.9%), China (7.1%), Brazil (6.2%), Russia (4.4%). Healthcare is the fourth most-targeted industry for cyber espionage, accounting for 24% of breaches globally.

Today’s headlines are full of examples showing the consequences of data breaches to healthcare organizations: lawsuits, criminal investigations, reputational damage — not to mention the risk of identity theft and other harm to consumers themselves. Statista added: “In 2017, the average costs of cybercrime in the United States amounted to 21.22 million U.S. dollars, the most costly worldwide.”

In the U.S., health information privacy and security are governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), regulated by the U.S. Department of Health and Human Services (HHS). HHS summarizes key elements of the HIPAA Security Rule here.

In addition, the U.S.-based not-for-profit HITRUST Alliance — which is made up of leaders from across the healthcare industry and its supporters — plays an important role in certifying data center systems. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF® (a widely used information privacy and security framework) helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

DP Facilities, Inc. is 100% U.S.-citizen-owned and operated. Our flagship data center, Mineral Gap — located in Wise, Virginia — is HITRUST CSF® certified, demonstrating that Mineral Gap’s BMS, EPMS, SOC, and NOC systems have met key regulations and industry-defined requirements in colocation, including hybrid colo, for healthcare and is appropriately managing risk, including HIPAA certification.