About Midnight Health
Midnight Health is an emerging start-up/health disrupter experiencing rapid customer growth annually at 300% p.a. They operate a unified healthcare platform that enables rapid connectivity of patients using telehealth and other digital services to doctors and pharmacists for a range of healthcare services. Midnight Health to-date has provided care to over 16,000 patients, currently providing the following products/services:
- Prescription & Over-The-Counter Treatments
- Anyscript: Upload any e-prescription for express delivery to patients
- At-Home Testing
Leveraging modern technology; Midnight Health’s mission is to democratise healthcare through a patient-centred digital platform that consolidates a currently fragmented healthcare service industry, simplifies experiences, improves accessibility and enhances patient outcomes.
To differentiate themselves in the market and drive continual innovation; the technology underpinning this mission is built for easy deployment of products into D2C brands and B2B partners such as nib.com.au, whilst also built to provide patients with personalised, connected; and predictive preventative care.
In partnership with CMD Solutions
For Midnight Health, security and technology is at the heartbeat of everything they do to enable new ways to deploy products to market, and for patients to securely access the health services they require with ease.
CMD Solutions were engaged to provide both security and AWS expertise; best practices in these areas were implemented from day one across their current/future technology stack and operationalised into their internal processes and procedures.
“We have partnered with CMD Solutions to help drive our business objectives through technology enablement. CMD Solutions have provided us the end-to-end AWS expertise required for us to achieve our future growth and innovation objectives” – Midnight Health
Key objectives of the initiative:
- B2B & D2C Partnerships: A key ingredient to Midnight Health’s success is partnering with other health suppliers whilst adhering to supplier assurance processes and compliance standards
- Product Enablement: Enable new products and services to be delivered to market at speed; through the Midnight Health Platform
- Secure by Design: Build a security first approach and ensure all standards & compliance requirements are addressed , e.g. Privacy act and PCI-DSS
- Platform Expansion: Enable Midnight Healths underpinning cloud platform to scale and support rapid growth/expansion, e.g. international expansion, and development of new modules to market
- AWS expertise and knowledge transfer to enable the midnight health development & platform team
We partnered with Midnight Health to provide both an independent AWS security/platform focused assessment and security/platform focused delivery capability to act upon the recommendations and resolve high priority security related gaps.
- Provided independent trusted advice on the current technical and security configuration of the midnight Health AWS platform.
- Provided compliance assessment and advice on PCI-DSS requirements and implications related to processing credit card payments.
- Provided a road map and an AWS security focused design to support & enable the future growth in Midnight Healths digital healthcare platform.
- Worked to deliver and implement that design and roadmap in a collaborative manner with Midnight Health, including a complete landing zone refactor that incorporated AWS well architected and security principles.
- Assisted Midnight Health with refactoring their web based application from an elastic beanstalk deployment into an AWS fargate container environment and supported Midnight Health on the initial journey from a monolithic application architecture to a contemporary micro services architecture.
The following structure was followed in the delivery of this engagement
Discovery and Analysis:
- Automated and manual discovery
- PCI DSS review, Security, Risk assessment, Threat modelling and Recommendations
Delivery: Platform and Security Uplift
Implementation of: Control Tower. IAM (Roles, Users, Groups, Policies, SSO), Security Groups, NACL’s, Transit Gateway, AWS Backup, SSM Session Manager, SSM Parameter Store, AWS Budgets, AWS Config, Cloudtrail, Security Hub, GuardDuty, AWS KMS – encryption, Cloudfront, Lambda@Edge, ECS Fargate support and consulting, Infra CI/CD – including automated workflow via Github actions with integrated secure code scanning and backend runner.
Documentation, Training, Handover
- Detailed documentation and design artefacts
- Dual upskill and delivery model for delivery, to ensure learnings and skills are uplifted during delivery, and dependencies for future initiatives on CMD Solutions are reduced
- Sprint showcases and brown bags to socialise deliverables, design artefacts and help operationalise any change in process/procedure
- Delivered an independent security assessment that helped Midnight Health understand the key issues and risks, while also providing a benchmark against Industry Security frameworks eg CIS
- Implemented a platform that aligns with AWS best practices in terms of architecture and security policy and controls
- Implemented a platform underpinned by automation providing a consistent and repeatable method for Midnight Health to provision and manage infrastructure and security controls
- Provided a security roadmap to guide and support Midnight Health with layering security controls and related initiatives into the future
- Uplifted Midnight Health’s system resiliency to meet their RTO and RPO objectives
- Progressed a key application transformation initiative replacing a monolithic application with a contemporary services and container based architecture approach that provides a more scalable and robust platform to support the business into the future
What’s next for Midnight Health
Midnight Health roadmap includes the development of further products and capabilities to be powered by its Midnight Health AWS platform. The growth initiatives include; international expansion, the development of 6 new modules and mobile applications to deliver digitally-led care plans and health management programs for their direct patients and clinical partners.
The roadmap has factored in using SaaS offerings for clinical partners; and direct to customer interfaces will include websites & mobile applications. CMD Solutions will work in close partnership with Midnight Health to enable their future growth strategy.