The Aspen Group operates a distributed healthcare infrastructure spanning 1,400+ locations across 46 states, processing data for nine million patients annually. The threat model is clear: protected health information at scale, distributed endpoints, and independent practice partnerships that complicate perimeter defense. The environment runs multi-cloud - AWS, Google Cloud, and Azure - with datastores including Redshift, BigQuery, Snowflake, MongoDB, Cassandra, and multiple SQL variants. Security teams work across containerized environments (Docker, Kubernetes) and legacy practice management systems, requiring coverage from identity (OIDC, LDAP) through data layer.
The security program aligns to ISO 27001, SOC 2, and CIS Controls, with threat modeling informed by MITRE ATT&CK and Cyber Kill Chain frameworks. COBIT provides governance structure across independent practice operations. Infrastructure as code runs on Terraform, with GitLab handling CI/CD pipelines. The stack spans C#, Java, Python, JavaScript, Salesforce Apex, and PowerShell across development teams, requiring security tooling and code review processes that cover multiple languages and deployment patterns.
Founded in 1998, TAG provides centralized business support to five healthcare brands - Aspen Dental, ClearChoice, WellNow Urgent Care, Chapter Aesthetic Studio, and Lovet - supporting 5,300+ clinicians who see 35,000 patients daily. The security challenge involves protecting patient data while enabling independent practice owners to operate autonomously. Cloud-native data platform initiatives and digital transformation projects are active, requiring security architecture that scales with rapid technology adoption across distributed healthcare delivery.