Castlight Health Achieves Two HITRUST® Certifications, Further Underscoring Commitment to Data Security and Privacy

June 28, 2019

SAN FRANCISCO, June 28, 2019 — Castlight Health, Inc. (NYSE: CSLT) today announced that it has earned two HITRUST certifications for information security. This achievement places Castlight in an elite group of organizations worldwide that have met key regulations and industry-defined requirements and are appropriately managing their risk.

The certifications are “HITRUST CSF® Certified” and “HITRUST Certification of the NIST Cybersecurity Framework.” HITRUST CSF Certified status demonstrates that Castlight has met key regulatory and industry-defined requirements, including those of the Health Insurance Portability and Accountability Act (HIPAA), the International Standards Organization, the National Institute of Standards and Technology (NIST) and Control Objectives for Information and Related Technologies (COBIT), as well as state-specific regulations. HITRUST Certification of the NIST Cybersecurity Framework ensures that Castlight is meeting the highest standard on how to prevent, detect, and respond to cyber-attacks.

“Data is the foundation of Castlight’s health navigation platform, so data security is a top priority. We are pleased to have received these certifications, confirming Castlight meets the high standards of HITRUST in the security of both enterprise and individual data management,” said Maeve O’Meara, executive vice president of product and customer experience at Castlight Health. “Our customers and their employees can be confident in our ability to deliver engaging, personalized health navigation while protecting their information.”

“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive information is accessed or stored in a cloud environment. By taking the steps necessary to obtain HITRUST CSF Certified status, Castlight is distinguished as an organization that people can count on to keep their information safe,” said Ken Vander Wal, Chief Compliance Officer, HITRUST.

Receiving HITRUST CSF Certification and HITRUST Certification of the NIST Cybersecurity Framework supplements Castlight’s existing privacy and security protections and certifications. In addition to its HITRUST CSF Certified status, Castlight has completed SOC 2® reporting, which ensures service providers securely manage data. Castlight operates in compliance with relevant privacy laws, including HIPAA standards and the General Data Protection Regulation, the European Union law on data protection and privacy. Castlight takes its commitment to exceeding customer expectations of information protection seriously, and is continuously updating these safeguards and seeking new ways to ensure the highest level of data security.

About Castlight Health
Castlight is on a mission to make it as easy as humanly possible to navigate healthcare and live happier, healthier, more productive lives. Our health navigation platform connects with hundreds of health vendors, benefits resources, and plan designs, giving rise to the world’s first comprehensive app for all health needs. We guide individuals—based on their unique profile—to the best resources available to them, whether they are healthy, chronically ill, or actively seeking medical care. In doing so, we help companies regain control over rising healthcare costs and get more value from their benefits investments. Castlight revolutionized the healthcare sector with the introduction of data-driven price transparency tools in 2008 and the first consumer-grade wellbeing platform in 2012. Today, Castlight serves as the health navigation platform for millions of people and is a trusted partner to many of the largest employers in the world.
