Arcadia’s Cybersecurity Controls Earn Highest Ratings Across All Categories in First-Ever Independent Evaluation from KLAS Research and Censinet

Data Platform Arcadia Analytics Rated ‘Mature’ Across All Cybersecurity Preparedness Evaluation Areas Including Network Security, Data Protection, Threat and Incident Response, and Other Categories

Arcadia (, the leading population health management and health intelligence platform, today announced that its healthcare data platform Arcadia Analytics earned the highest ratings in the first-ever Cybersecurity Preparedness Evaluation from widely-respected healthcare research and insights firm KLAS Research.  The evaluation was conducted independently by Censinet, the leading intelligent risk network for healthcare.

Arcadia Analytics earned a “Mature” rating across all evaluation categories: Network Security; Data Protection; Identity and Access Management; Threat and Incident Response; Legal and Regulatory; and Resiliency. The lower ratings in the evaluation were “Maturing” and “Immature.”

“We are the trusted partner of large healthcare organizations who rely on Arcadia Analytics to harness their data and provide the insights they need to drive outcomes,” said Bob Dupuis, SVP of Operations at Arcadia. “We have made major multi-year investments in building an enterprise-grade security and privacy program and an organizational culture that prioritizes cybersecurity. This evaluation from KLAS and Censinet, combined with our other cybersecurity certifications, is a validation of our unwavering commitment to protecting our customers’ IT infrastructures, and most importantly, safeguarding their members’ and patients’ protected health information.”

Enterprise-Wide Protection and Compliance

Earning the highest ratings across all assessment categories demonstrates the strength of Arcadia’s comprehensive and proven cybersecurity program. The Network Security and Data Protection categories, for example, indicate strong protection of clients’ IT infrastructure, protected health information and other types of sensitive data. A Mature rating in the Identity and Access Management category indicates Arcadia’s solutions help prevent attacks launched through phishing or other means of stealing employee credentials. Threat and Incident Response maturity demonstrates effective security controls to identify and stop the spread of malware or other potentially damaging software.

A Mature rating in the Legal and Regulatory category demonstrates that Arcadia’s security controls are highly compliant with federal and state laws and industry guidelines while a Mature rating in the Resiliency category reflects the solutions’ capability to maintain functionality despite attempted cyberattack.

Long-Standing Dedication to Cybersecurity

In 2019, Arcadia earned the prestigious HITRUST CSF®™ Certification for Arcadia Analytics, which places Arcadia in an elite group of worldwide organizations that have demonstrated the highest level of commitment to security, privacy, and regulatory compliance best practices. The certification demonstrates that Arcadia is appropriately managing risk and meets all leading industry security, privacy, and regulatory standards, including ISO, NIST, PCI, HIPAA, and state laws. To maintain its certification, Arcadia must ensure compliance with over 630 HITRUST security controls for its healthcare data platform, with regular monitoring and rigorous testing by a third-party auditor.

Arcadia also earned an ISO 27001 Certification in 2017 and a SOC 2 Type One report in 2019.  These credentials were awarded after Arcadia voluntarily brought in independent third parties to conduct comprehensive audits of the company’s security controls.

For the Cybersecurity Preparedness Evaluation, Censinet based its independent rating on a thorough review of answers and data provided in a detailed questionnaire from the firm. In total, 30 vendors with 115 solutions agreed to submit their solutions for evaluation, which is only approximately 10% of the eligible vendors in the industry.

“Cybersecurity has to be a core part of vendor evaluation given the potential impact of a breach, which means all C-suite leaders need to put security at the forefront of their partnership criteria,” said Taylor Davis, VP and GM of Vendor Performance Research at KLAS. “The research being done by KLAS and Censinet is very meaningful for providers in assessing a vendor’s cybersecurity capabilities and can significantly reduce some of the challenging and time-consuming effort in conducting in-house and third-party audits.”

Although the Cybersecurity Preparedness Evaluation can serve as a brief and insightful guide, Gale cautions that such an assessment is not meant to replace a thorough cybersecurity due diligence process conducted by the healthcare organization’s information technology and compliance teams. However, the assessment can help focus and refine a healthcare organization’s vendor search.

“We are grateful to KLAS and Censinet in helping healthcare organizations identify vendors who prioritize cybersecurity readiness and transparency,” Dupuis said. “Such assessments help providers ensure they partner with vendors who take the security of patient data as seriously as they do.”