🔓 Why Hippo Is Now Publicly Accessible (and Still Extremely Secure)

Why we opened Hippo’s doors to the public internet — and how we’ve kept patient data locked down with enterprise-grade security.

Updated this week

📜 The Background

Historically, access to Hippo was restricted to the NHS’s Health and Social Care Network (HSCN). This meant practices had to connect via an HSCN-enabled internet service provider (ISP) or a VPN.

While this offered strong network-based access control, it came with challenges:

  • Many practices wanted to access Hippo from home or on the move.

  • Some ISPs or VPN providers didn’t route our traffic correctly.

  • Troubleshooting these network issues could be time-consuming and, in some cases, prevented us from supporting otherwise willing practices.

After a thorough review and appropriate internal approvals, we decided to make Hippo accessible over the public internet. But that didn’t mean compromising on security — it meant re-engineering how we protect your data.


🛡️ Our Security Philosophy

Security isn’t just a feature; it’s part of how we design, build, and operate Hippo. We follow a multi-layered security model, so even if one safeguard is bypassed (which is already very unlikely), others remain in place.

We are Cyber Essentials Plus certified, run annual penetration testing, and continually monitor our systems for suspicious activity.


🧩 How We Keep Hippo Safe — Even Publicly

1. Secure Development From Day One

  • Static Application Security Testing (SAST): Automated scans of our codebase to detect vulnerabilities before release.

  • Dynamic Analysis (DAST & API fuzzing): Actively testing live systems for runtime vulnerabilities.

  • Secrets Management: Prevents hardcoded passwords or API keys in code.

  • Container Security: Every software component is scanned for vulnerabilities before deployment.


2. Strong Authentication & Access Control

  • Multi-Factor Authentication (MFA) is mandatory for all accounts via Auth0.

  • OAuth 2.0 Best Practices: Following RFC 9700 guidelines with vetted libraries.

  • Short-lived tokens & rotation: Tokens expire quickly and are automatically refreshed securely.

  • Role-based access: Sensitive endpoints are only accessible to authorised users.


3. Network & API-Level Protections

  • Web Application Firewall (WAF): Filters malicious requests before they even reach Hippo.

  • Rate Limiting & Throttling: Prevents abuse by limiting excessive requests.

  • Private infrastructure: Databases are in private networks; only necessary public endpoints are exposed.

  • Audit Logging: Every access to patient-identifiable information is logged for compliance and review.


4. Data Protection

  • Encryption in transit: All traffic is HTTPS/TLS-encrypted.

  • Encryption at rest: Data stored in RDS, S3, and DynamoDB is encrypted using industry-standard AES-256.

  • Strict retention policies: Data is only kept as long as needed for clinical and operational purposes.


5. Continuous Monitoring & Response

  • Anomaly detection: Automated alerts for unusual access patterns.

  • 24/7 alerting: Rapid response capability for any security incident.

  • Regular reviews: Security policies are updated whenever technology, threats, or regulations change.


💡 Why This Matters for You

By moving to a secure public endpoint:

  • Practices can access Hippo from anywhere, whether at home, in clinic, or on the move.

  • We reduce technical barriers without sacrificing patient data protection.

  • You still get bank-grade encryption, enterprise-grade authentication, and proactive monitoring.

In short: More accessible. Just as secure.


If you have any security questions or concerns, you can contact us directly at [email protected] — we’re always happy to talk about how we keep your data safe.