High-level data security is the basis of Mehiläinen’s operations
Data security, confidentiality and safety of patient data form the critical basis of Mehiläinen’s operations. Mehiläinen utilises all available measures to secure patient data. We apply various measures that guarantee the company’s high level of data security:
- Connections to the internet are critical in terms of data security, and the company secures these connections, for example, through code-level testing, firewalls, restricted access rights and multi-factor authentication. Connections to Mehiläinen’s systems are tested regularly by an external information security company.
- All software available in the market has vulnerabilities that are fixed when they are detected. Mehiläinen applies a wide range of measures to ensure that supported versions of software are used and security patches are applied in production systems.
- The use of systems and networks is monitored and, if any abnormal behaviour or traffic is detected, an alarm is triggered.
- In addition to in-house data security experts, the company utilises cyber defence centre services of an external data security company.
Data protection and data security are part of Mehiläinen’s ISO 9001 certified quality management system. We store our patient data in a system approved by authorities. Mehiläinen’s information systems and services are hosted in ISO 27001 certified high-security data centres. We comply with the EU General Data Protection Regulation, the current legislation and the guidelines regarding the processing of personal data issued by authorities.
Data security risk management is part of Mehiläinen’s overall risk management efforts. We monitor the risks related to our activities regularly and systematically and develop our activities on an ongoing basis. However, no system or activity is without its gaps, and the risk of human error and crime exists even if high-level precautions are taken.