MME Protect – Features

MME Protect is our collection of services to help your Practice meet the Security Best Practices.

Services Provided

MME will provide the following services with the goal of using them to better protect your Practice's network. These services will evolve with time as we continue to identify new challenges and develop solutions.

  • Antivirus Software (learn more here)
    • We will supply and install a licensed copy of LogMeIn Antivirus on each Windows PC within the network.
    • We will monitor it regularly to verify that it is updating automatically and to check whether any malware or virus has been detected.
      • If malware or a virus is detected we will alert the Practice and recommend a course of action. Cleanup of the issue detected is not included.
  • Acronis Cyber Protect Backup Software (learn more here)
    • We will supply, install, and configure Acronis Cyber Protect backup software on one server per location.
      • Purchase of any necessary backup media (USB hard drives and/or Network Attached Storage devices) to hold the backups is not included. Review of needs and recommending of the appropriate backup media is included.
      • All backups will be configured with at least 128-bit encryption by the Acronis Backup Software. If a backup device is lost or stolen, the data stored on it will be protected.
    • We will monitor the configured backups.
      • If a backup repeatedly fails we will endeavor to resolve the issue with the equipment, but there may be cases where hardware needs to be replaced. In those cases we will alert the Practice and recommend a course of action.
    • We will periodically perform a test restore of a portion of the data in the backups to verify proper operation of the backup system. This may discover an undetected issue and allow resolution.
  • Internet Backup (learn more here)
    • An Internet Backup can be used to augment the local backup and provide an additional layer of data protection from data loss events and hackers.
    • A Carbonite Internet Backup will be installed and configured on Servers on an as needed basis.
      • Included is one Carbonite Office plan for up to 500GB of data on one data server. Additional capacity and servers may be included, but for additional fees.
      • Not all Practices or locations will require this or be suitable for this. The Internet connection and other factors must be considered. Review of needs and recommendations are included.
    • The Carbonite backup will be monitored.
      • If a backup repeatedly fails we will endeavor to resolve the issue with the equipment, but there may be cases where hardware needs to be replaced. In those cases we will alert the Practice and recommend a course of action.
  • Workstation Health
    • Available hard disk drive space will be monitored on Windows PCs. Running out of disk space on a workstation can lead to crashing of the computer.
      • If low disk space is detected we will alert the Practice and recommend a course of action. Cleanup of the issue detected is not included.
    • S.M.A.R.T. disk failure predictions will be monitored on Windows PCs equipped with suitable hardware. When enabled this can in some cases reveal a failing hard disk prior to crashing, allowing a more orderly resolution with little or no lost data or downtime.
      • If a S.M.A.R.T. failure is detected we will alert the Practice and recommend a course of action. Repair of the issue detected is not included.
    • Windows Update Monitoring. We will periodically review that PCs are set to automatically apply all available Microsoft Windows Updates.
      • Some PCs are deliberately not set to do this (based on other requirements like potentially an iCAT X-Ray PC) and those will be omitted.
      • If a PC is found to not be updating as configured we will alert the Practice and recommend a course of action. Repair of the issue detected is not included.
  • Hard Drive Encryption
    • Encrypting the hard disk drives in your PCs and Servers will make access to potential electronic health data contained on them very difficult if they are lost or stolen.
    • MME will enable Microsoft BitLocker hard drive encryption on Windows 10 PCs and Windows Server 2016 and 2019 Servers equipped with suitable, enabled TPM hardware.
      • In some cases it may not be possible or recommended to enable BitLocker encryption. This will be evaluated on a per-device basis.
      • If a PC is equipped with a TPM chip but it is not yet enabled, we will alert the Practice and recommend a course of action. Work to enable the TPM is not included.
    • Two copies of the resultant BitLocker keys will be stored, one set on the customer's network, the other set on MME's network.
  • Windows User Accounts
    • Monitoring and review of new account creation.
    • Configuration of Domain and Workstations to utilize Microsoft Brute Force Account Lockout.
    • Annual review of Domain accounts to discover unneeded accounts or elevated privileges
  • Password Strength
    • Recommendations for secure passwords
    • Configuration of Domain and Workstations to utilize Microsoft Password Complexity requirements
    • Annual review of known passwords to determine if weak/breached
    • Recommendation and assistance setting up secure 1Password manager if desired
  • WiFi System Configuration
    • We will configure your WiFi system to have a Private zone (for devices that need to access Practice data) and a Guest Public zone for staff and visitors to use for general Internet access.
    • We will time restrict the guest zone.
    • To properly implement this system your Practice must be equipped with Ubiquiti UniFi WiFi access points. MME can provide and install these devices, but this is not included in the service.
    • WiFi access points will be periodically updated with the latest available firmware from Ubiquiti. These updates often include patches for any security issues discovered in their devices. WiFi services will be temporarily unavailable during these updates.
    • Changes to the WiFi access passwords are included as needed. Assistance in changing/updating any devices linked to the WiFi system is not included, but help with this is available from the MME support team.
    • As part of the Annual review the configuration will be reviewed and any recommended changes to configurations or passwords will be discussed. Implementing of configuration changes to existing equipment is included.
  • Advanced Internet Firewall (learn more here)
    • Having a smart Internet Firewall device capable of detecting and fending off hackers and keeping your staff out of trouble is a critical component of your Practice's security.
    • This feature requires that the Practice own a WatchGuard UTM Firewall with an active Advanced Security Subscription, appropriately sized for the number of workstations, users and Internet speed.
      • If the Practice currently owns the correct device, it can be adopted into MME's monitoring and management system.
      • If the existing firewall device is inadequate, MME will replace the device with a suitable WatchGuard device as part of the service.
      • For the duration of the Service MME will continue the subscription of the device to keep it activated and in support.
      • Review of needs and recommendations are included with the Service.
    • A WatchGuard advanced threat detection agent will be deployed to applicable Windows PCs. This agent can detect unusual behavior of a Windows computer and isolate it from the rest of the network in critical situations.
      • Monitoring of the agents is included and if an event is detected we will alert the Practice and recommend a course of action. Repair of the issue detected is not included.
    • The firewall will be periodically updated with the latest available firmware from WatchGuard. These updates often include patches for any security issues discovered in their devices. Internet communications will be temporarily unavailable during these updates.
    • A monthly executive security summary report and a HIPAA audit log of firewall changes will be emailed to the email address designated by the Practice. The executive summary will show you the most used websites accessed by your team, plus the most active Internet use by device.
    • As part of the Annual review the firewall configuration will be reviewed and any recommended changes will be discussed. Implementing of configuration changes to existing equipment is included.
  • Server Monitoring and Updates
    • If a dedicated Microsoft Windows Server is part of the network we will monitor for certain conditions in addition to the features already described above.
      • Event Log Monitoring – we will periodically review the Windows built in event logs for conditions that may be signs of issues with the server. Catching and resolving a minor issue now may prevent costly or damaging downtime later. When a serious condition is discovered we will alert the Practice and recommend a course of action. Repair of the issue detected is not included.
      • UPS Monitoring – if a Server is equipped with a Smart Uninterruptible Power Supply (UPS) that can communicate with the server we will periodically review its condition and event logs (if any). If a condition needing attention is discovered we will alert the Practice and recommend a course of action. Repair of the issue is not included.
    • Warranty Status – we will monitor the current warranty status of Dell PowerEdge servers.
      • Keeping your Dell Server in warranty is an important step in reducing downtime from unexpected hardware failures.
      • When a warranty expiration is coming up we will alert the Practice and recommend a course of action. In many cases the warranty can be extended.
      • The cost of any warranties is not included.
    • Microsoft Windows Updates will be periodically performed on the Server, similar to what is noted above for workstations.
      • The timing of the updates and associated system reboot will be coordinated with the Practice to occur at a time that will not interrupt normal operations of the Practice.
    • Periodically we will update the drivers and firmware of Dell PowerEdge servers. These updates are published by Dell to improve stability and address security issues.
      • The timing of the updates and associated system reboot will be coordinated with the Practice to occur at a time that will not interrupt normal operations of the Practice.
  • Annual Security Audit
    • Once per year MME will perform a formal security audit to review the situations noted above for conformance and to look for variations and room for improvement.
    • The decision makers at your Practice (Doctor, Office Manager, etc.) should all plan to participate in an annual summary overview meeting so we can present to you the audit results, any issues needing attention, and outline the year ahead. This meeting can be in person or by Zoom, and will take less than 1 hour.

Terms of Agreement

Services are provided as a monthly subscription and will be charged automatically at the beginning of the month for the month ahead. A payment on March 1st is for the month of March. Services started mid-month will be prorated for that month based on total calendar days in the month. A form of payment for automatic payment must be provided (credit card or ACH).

We require at least an annual meeting with all the decision makers at the Practice (not just proxies) in order to appropriately convey the results of the audit and appropriately plan for the year ahead. Failure to make time available for this meeting may impact our ability to perform services. We know your time is precious; we won't waste it.

The complete list of services defined here may change from time to time with or without notice as we continue to improve the offering. No services other than those explicitly listed here are included.

Cancellation

Service can be cancelled at any time without penalty after appropriate notice is given. Notice must be received in writing (email, letter, fax) and acknowledged by your MME Project Manager. There is no refund for unused services in the current month.

Limitations

There are a few limitations to what’s included, usually centered around the scope of an issue being much larger than normally expected. In these cases MME will be reaching out to you to explain the situation and resolution path.

  • Carbonite Internet Backup is based on the standard Office plan provided by them. This includes 500GB of data storage. If additional storage is required for your Practice, it is available in blocks of 100GB for $99 per year.
  • LogMeIn Antivirus monitoring does not include labor to correct the condition. It only includes monitoring, identifying and notification of the condition.
  • S.M.A.R.T. hard drive failure detection does not include parts or labor to correct the condition. It only includes monitoring, identifying and notification of the condition.
  • Low Disk Space monitoring does not include the parts or labor to correct the condition. It only includes monitoring, identifying and notification of the condition.
  • Periodic test restores of backup data are not a guarantee that they will work at any other time.
  • Any computer (Mac or Windows) that participates in the Practice's network counts toward the totals.
    • If a computer regularly moves between multiple locations (i.e. a laptop), it will be counted only once in the most appropriate location.
  • If a customer's network grows (or shrinks) from one size category to another (i.e. a 5 computer network expands and becomes 6 computers), the fee will automatically increase/decrease to the one appropriate for the size.
  • Not all services are applicable in all customer situations. There is no discount/credit for any portion of any service not utilized.