Security Services

Advanced Email Security

Data Loss Prevention (DLP) 

CUIMC uses a Data Loss Prevention (DLP) solution that filters outbound email messages and attachments to identify the presence of character patterns resembling Sensitive Data. If such a pattern is detected, it blocks the email and automatically sends a message to the sender with instructions to take the appropriate action. 

Messages and attachments that contain Sensitive Data from a CUIMC email to an address outside of the approved Organized Health Care Arrangement (OHCA) need to be encrypted through our Secure Email gateway to prevent it from being blocked automatically.

Targeted Attack Protection (TAP)

CUIMC Email also includes Target Attack Protection (TAP). This automatically rewrites links found in incoming email messages in order to evaluate whether or not the linked content is malicious. As phishing and other targeted attacks become more sophisticated, TAP is a solution that meets the challenge and helps protect the CUIMC community and its resources.

For more information visit Email Link Protection and Decoder.

External Email Tag

Messages sent from outside of the organization have an [EXTERNAL] tag added to the front of the email’s subject line as a quick visual reminder to scrutinize the message further before replying, clicking a link, opening an attachment, or otherwise acting on the contents of the message.  The tag will identify if someone has "spoofed" a CUIMC email address, which malicious actors may do to make an email seem as if it came from within your organization.  Full details are on the External Email Tag page.

Certified IT Group Onboarding and Training

The CUIMC Information Security Office will be responsible for analyzing and certifying that the IT Group is operating in a capacity that is consistent with University Policies and Procedures, as well as operating within an acceptable level of risk, as defined by CUIMC Executive Managers. 

Digital Forensics

CUIMC ISO Operations team performs investigations on digital materials by request from the Office of General Counsel, the HIPAA Privacy Office, and Research Compliance.

Encryption, Firewall and Public IP Exception Requests

The CUIMC ISO reviews and approves exceptions for:

Incident Response (includes Endpoint Detection and Response) 

The ISO Operations team is responsible for responding and investigating security incidents, including network forensics. We leverage an Endpoint Detection and Response (EDR) platform that allows CUIMC to rapidly respond to attacks. 

Mobile Device Management

ISO has launched MobileIron at CUIMC for using Epic programs on a mobile device.

Multifactor Authentication at CUIMC

For multifactor authentication via Duo at CUIMC visit


The Columbia University Irving Medical Center leverages the use of proxy services to protect both endpoints and servers from malicious activity. 

Secure Software Development Life Cycle

Applications should be designed and implemented with proper security requirements, secure coding practices, use of various development tools, and a focus on mitigating risks throughout the entire development lifecycle.   

CUIMC ISO recommends the following: 

Security Architecture Consultation

The CUIMC Information Security Office performs Security Architecture Assessments and Advisory supporting CUIMC Cross Functional Teams. 

Security Event Management

CUIMC ISO Operations leverages a technology platform to manage real-time processing and analysis of events. 

System Registration and Certification

The CUIMC Information Security Office (ISO) performs information security risk assessments of CUIMC IT systems using standards and regulations from HIPAA and HITECH.  The assessments help validate that patient, employee, business, and other sensitive or confidential data are protected.

An IT System that fulfills the assessment process is designated as “certified” by CUIMC IT Security when completed.  The goal is to have all CUIMC IT systems certified to enhance our security compliance posture for HIPAA, HITECH, and PII protection. 


Vulnerability Assessment and Web Application Scanning

CUIMC ISO conducts vulnerability assessment scans to report any deficiencies found in those scans to the system owner and technical support personnel. Scans are generated for systems during the certification process.