PRESS RELEASE

San Francisco " June 11, 2009 " nCircle, the leader in security and compliance auditing solutions, and Health Information Trust Alliance (HITRUST) announced today that nCircle has been selected as the provider of vulnerability and configuration assessments as a service for the HITRUST Central portal. The nCircle Suite360-based offering is an easy-to-use, Internet accessible service that enables healthcare organizations to scan their IT systems for known vulnerabilities and to ensure their IT systems and medical devices are securely configured. This service enables healthcare organizations from the smallest physician's offices to the largest global organizations to reduce their risk from external threats and ensure that sensitive personal and financial health data is protected. The service dramatically reduces the complexities and costs associated with demonstrating compliance with regulations and standards such as the HITECH Act, HIPAA and PCI.

The new nCircle vulnerability and configuration scanning service is an integral component in the HITRUST Central strategy to ensure best practice security tools and services are readily accessible to the thousands of healthcare organizations " many of whom do not currently have the resources to assemble a comprehensive solution.

"With many hospitals and healthcare providers moving to Electronic Health Records, it is critical that these organizations have appropriate vulnerability and configuration scanning capabilities—they are a critical way to safeguard systems and applications that store sensitive personal and financial health information. Without these scanning solutions, organizations are unaware of the security risks," said Michael W. Frederick, Corporate Director, Office of Information Security and Chief Information Security Officer, Baylor Health Care System.

HITRUST, in collaboration with healthcare, business, technology and information security leaders, is ensuring information security becomes a core pillar that enables the electronic exchange of health information. To achieve a standard level of IT security, HITRUST has delivered a Common Security Framework (CSF) covering a range of regulatory requirements with a consolidated set of controls and implementation guidelines.

"The industry is on the verge of broad adoption of electronic healthcare information and it is imperative that organizations can ensure that information is protected in a consistent, practical and cost effective manner," stated Daniel Nutkis, CEO, HITRUST. "Vulnerability management is a critical step and best practice for any security strategy. Our partnership will enable the entire healthcare industry access to nCircle's solutions, the industry leader for comprehensive security risk and configuration auditing. "

"HITRUST is not just establishing the methodology and approach for organizations to safeguard health information, but making available a best of breed suite of tools to allow organizations of all sizes and levels of sophistication to implement it," said Abe Kleinfeld, CEO, nCircle. "nCircle is committed to supporting this important initiative to make the entire healthcare supply chain more secure."

As part of the partnership, nCircle will play an active role in HITRUST working groups developing Security Configuration Packs (SCPs) for the HITRUST Common Security Framework. The SCPs will proactively address ideal configuration standards for third-party health information systems. The first Security Configuration Packs are targeted for the following vendors: Cerner, Eclipsys, eClinicalWorks, Epic Systems and McKesson. The Software as a Service (SaaS) Vulnerability and Configuration Assessment Service will be generally available in mid-July through HITRUST Central, an online community for healthcare IT security and compliance professionals. For more information on nCircle Suite360 security and compliance auditing solutions, visit www.ncircle.com and for more information on HITRUST Central, visit www.hitrustcentral.net.

About nCircle nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,000 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at www.ncircle.com.

About HITRUST The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption and utilization of health information technologies and exchanges. This, in turn, is critical to realizing the related promise of quality improvement and cost containment in America's healthcare system. HITRUST is collaborating with healthcare, business, technology, and information security leaders to establish a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the first Common Security Framework (CSF), HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit http://www.HITRUSTalliance.net.