NaphCare operates health IT infrastructure for 456 correctional facilities across 49 states - a threat surface most healthcare vendors don't touch. The company runs its own EHR platform, TechCare, and a patient portal called MyCare, serving a population with severe operational constraints: limited connectivity, strict access controls, and environments where device security and data isolation aren't optional. The attack model here is distinctive - you're securing clinical workflows inside facilities where physical and digital perimeters overlap in non-standard ways, and where a breach doesn't just expose PHI but could compromise institutional security.
Founded in 1989 as a correctional pharmacy operation, the company now employs over 6,000 healthcare workers delivering medical, mental health, pharmacy, and telehealth services. The technology stack supports everything from routine sick calls to dialysis and medication-assisted treatment - high-stakes clinical operations that depend on uptime, audit integrity, and compliance with both HIPAA and correctional facility IT policies. Telehealth capabilities add another layer: remote clinical sessions crossing network boundaries while maintaining confidentiality in spaces designed for surveillance.
The company is family-owned, headquartered in Alabama, and has been in operation for over 35 years. It positions itself around early intervention and integrated care delivery, which in practice means health IT systems need to handle complex workflows across fragmented environments with minimal margin for failure. This is healthcare infrastructure operating under constraints most EMR deployments never encounter - and the security posture has to reflect that reality.