IT Vector

Seven service pillars covering managed IT, networking, virtualization, storage, cybersecurity & HIPAA, data & AI, and training — delivered with hospital-grade discipline and open-source economics.

Pillar I · Managed IT

Your outsourced IT department.

The recurring foundation. Proactive monitoring, endpoint protection, patching, helpdesk, and vendor coordination — scoped per user so it scales cleanly as you grow.

Managed Helpdesk

Unlimited remote and on-site support for your workforce. Tickets triaged and responded to within documented SLAs. No per-incident nickel-and-diming.

Endpoint Protection

Business-grade EDR on every workstation and server. Real-time threat detection, automated quarantine, and monthly exec reporting so you can prove protection to auditors.

Patch Management

Automated OS, application, and firmware patching on a tested cadence. Critical security patches deployed within 72 hours of release. Documented for your audit log.

Workstation Management

Standardized imaging, MDM enrollment, inventory tracking, and end-of-life planning. New hires get a working machine on day one. Terminated users get access revoked in minutes.

Vendor & License Coordination

We manage your EHR, billing, practice management, and SaaS vendors directly. One throat to choke. Saves you hours of hold music and expired-license surprises.

Documentation & QBRs

Every environment fully documented. Every change logged. Quarterly business review with your leadership team — risks, spend, roadmap, and what's coming next quarter.

Pillar II · Network Infrastructure

Networks designed around your environment, not a vendor catalog.

We design, deploy, and maintain enterprise-grade networks using whatever platform best fits your requirements, budget, and existing investment — open-source, enterprise, or hybrid. Firewalls, switching, WiFi, VLAN segmentation, VPN, and zero-trust architecture, scoped to your environment.

Firewall & Perimeter

Next-generation firewall and edge routing on the platform that fits your compliance, performance, and budget profile — open-source (pfSense, OPNsense), enterprise (Fortinet, Palo Alto, Cisco Meraki, SonicWall), or whatever you already run. Documented rule sets, IDS/IPS, deep-packet inspection, HA failover. Guest, internal, privileged, and IoT zones properly isolated.

WiFi & Switching

Enterprise wireless and managed switching on your preferred platform — UniFi, TP-Link Omada, Aruba, Cisco Meraki, Ruckus, MikroTik, Cambium, or whatever your team already operates. Proper VLAN tagging, PoE sizing, guest isolation, and multicast handling for voice, print, and cast services across segmented networks.

VLAN & Segmentation

Workstations, servers, guest, IoT, voice, cameras, medical devices, and printers on properly separated VLANs with firewall rules that match the data sensitivity of each zone. Compromise of one segment doesn't cascade into the rest of the network.

VPN & Remote Access

Site-to-site and client VPN on WireGuard, IPsec, or commercial ZTNA. Properly issued certificates, MFA-enforced, audit-logged. Remote staff get production-equivalent access without exposing your internal network to the internet.

DNS & DHCP

Internal DNS hierarchy with conditional forwarders for split-horizon. Reservations and scope policies for every device. Pi-hole or commercial DNS filtering for content control and threat-intel block lists.

Network Monitoring

LibreNMS, Zabbix, Prometheus + Grafana, or commercial alternatives, sized to your operation. Bandwidth, latency, error rates, and uptime tracked in dashboards your operations team can actually read. Alerts that trigger on real problems, not noise.

Pillar III · Virtualization & Storage

Servers and storage that don't crash on a Friday afternoon.

Right-sized virtualization clusters, properly architected storage, and tested backups. Hypervisor-agnostic — Proxmox VE, VMware, Hyper-V, XCP-ng — chosen for your workload and licensing posture.

Hypervisor & Cluster Design

Proxmox VE, VMware vSphere, Microsoft Hyper-V, or XCP-ng — sized for your workload, your budget, and your tolerance for licensing surprises. HA clusters with shared storage, live migration, and tested failover.

Storage Architecture

TrueNAS, Ceph, or commercial SAN/NAS, depending on your performance and HA requirements. ZFS-backed pools with proper checksumming, snapshot retention, and replication off-site. No silent data corruption.

Backup & Disaster Recovery

Veeam, Proxmox Backup Server, BorgBackup, or commercial alternatives. 3-2-1 minimum: three copies, two media types, one off-site. Restores tested quarterly so you know they actually work before you need them.

Server Lifecycle

Hardware sizing, procurement, deployment, monitoring, and end-of-life planning. Refresh cycles aligned to your depreciation schedule. No more emergency Dell orders the week a server fails.

Container Workloads

Docker, Podman, Kubernetes, or LXC — for workloads that fit. We deploy them, monitor them, and back them up the same way we treat full VMs. Not every workload needs Kubernetes; we'll tell you when it does.

Capacity Planning

Quarterly review of CPU, RAM, storage, and IOPS trends against your business growth. Surprises are budget killers — we'd rather have a conversation in March than an emergency in October.

Pillar IV · Cybersecurity

Defensible posture, not security theater.

NIST-aligned controls, mapped to your environment and the threats you actually face. Detection, prevention, response, and recovery — documented for auditors, insurers, and your own peace of mind.

EDR / XDR Deployment

Endpoint Detection & Response on every workstation and server. Behavioral analytics, automated containment, and forensic timeline. Tier-1 commercial vendors only — this is not the place to save fifty dollars a seat.

Identity & Access

MFA on everything that can support it. SSO consolidation. Password manager rollout. Privileged access reviewed quarterly. Joiners, movers, and leavers handled in a documented workflow — not on a sticky note.

Email Security

Anti-phishing, attachment sandboxing, DKIM/SPF/DMARC enforcement, and impersonation protection. Email is the #1 breach vector — we don't treat it as an afterthought.

Vulnerability Management

OpenVAS, Nessus, or commercial scanners run on a documented cadence. Findings triaged by exploitability and business impact. Remediation tracked to closure with an audit trail.

Incident Response

Written playbook, named responder, communication plan, and tabletop exercise twice a year. When an incident happens, you're not Googling what to do — you're executing what we already wrote down.

Security Awareness

Quarterly phishing simulations, annual security training, role-specific compliance education. Documented completion records for every workforce member. The single highest-ROI security control there is.

Pillar V · HIPAA Program

A defensible HIPAA posture, not a binder on a shelf.

Built by someone who runs the same program inside a licensed NH care provider. Privacy Rule, Security Rule, Breach Notification Rule — covered end-to-end with documentation an OCR investigator could read without confusion.

Security Risk Analysis

Annual SRA mapped to NIST 800-66 and OCR audit protocol. Gaps identified, remediation tracked, evidence preserved. The single most-cited deficiency in OCR enforcement actions — and the one we make sure you have nailed down first.

Policies & Procedures

Written privacy and security policies tailored to how your team actually works. Not a generic template. Reviewed annually and updated when regulations or your operations change.

BAA & Vendor Management

Complete inventory of vendors that touch PHI. Business Associate Agreements executed, tracked, and renewed. Vendor risk tiering. Offboarding playbook.

Workforce Training

Role-specific HIPAA training delivered annually plus on hire. Completion attested in writing. Records maintained for the regulatory retention period. Sanction policy documented and enforced.

Incident & Breach Response

Investigation playbook, four-factor breach risk assessment, and the 60-day notification clock handled correctly. Documentation an attorney could defend, before you need an attorney.

OCR Audit Readiness

Documentation organized exactly the way OCR investigators ask for it. If a complaint, audit, or investigation arrives, you can produce evidence in days — not weeks of panic.

Pillar VI · Data & AI

Use your own data. Use AI without leaking it.

Reporting, analytics, and AI deployments that respect your compliance posture. Tools that work in your environment, on your data, without shipping PHI to third parties that haven't signed a BAA.

Data Warehousing

PostgreSQL, MariaDB, ClickHouse, or commercial alternatives — sized to your data volume and query patterns. Schema designed for analytics, not whatever the source system happened to ship.

Reporting & Dashboards

Metabase, Apache Superset, Looker Studio, or Tableau, depending on what your team can actually use. We'd rather give you a dashboard you check on Monday morning than a beautiful one you never open.

AI Implementation

Hosted LLMs (Ollama, vLLM, on-prem) when PHI or trade secrets are in scope. Commercial APIs (OpenAI, Anthropic, Google) when they aren't. We'll tell you which path matches your data sensitivity — not push the trendier one.

EHR Integrations

HL7v2, FHIR, CCDA, and direct database integrations across most EHRs. We've seen the spec; we know which fields are real and which are aspirational. Custom report extracts, billing reconciliation, and analytics feeds.

Predictive & Operational

Patient no-show prediction, capacity forecasting, scheduling optimization, denials management. Models trained on your data, deployed where you can see them, evaluated against ground truth on a documented cadence.

Data Governance

Catalog of what you have, where it lives, and who can see it. Retention policies aligned to your regulatory and contractual obligations. PHI flagging and minimum-necessary review baked into the workflow.

Pillar VII · Training

Teach the team. Documented for the audit.

Workforce training, classroom delivery, and curriculum design. Built by university faculty who teach this material at the graduate level.

Workforce HIPAA Training

Annual HIPAA training for every workforce member. Role-specific content for clinical staff, billing, IT, and management. Documented completion. Sanction policy enforced.

Security Awareness Program

Quarterly phishing simulations, monthly awareness content, and annual deep-dive training. The single highest-ROI security investment most organizations can make.

Custom Curriculum

Designed for your team, your tooling, your operations. Delivered on-site, online, or hybrid. Built by university faculty — same rigor we apply in graduate classrooms.
