Third-Party Audit Attests to Carbonite's HIPAA Compliance as a Business Associate

Third-Party Audit Attests to Carbonite's HIPAA Compliance as a Business

Validation Process is Assurance of Data Security Integrity

BOSTON, May 29, 2014 (GLOBE NEWSWIRE) -- Carbonite Inc. (Nasdaq:CARB), a
leading provider of hybrid backup and recovery solutions for businesses, has
successfully completed a rigorous data management security examination by an
outside assurance/compliance auditor, and has met strict compliance
requirements of the Health Insurance Portability and Accountability Act

"As a data protection solutions provider and Business Associate to our
customers in the healthcare industry, security is core to our brand,"
commented Danielle Sheer, general counsel and vice president, Carbonite. "We
believe it is imperative to not only conduct routine internal security audits,
but achieve compliance approvals from independent outside auditing firms as

Carbonite began assessing and documenting the administrative, technical and
physical safeguards it uses to protect customer data in preparation for the
September 2013 update to HIPAA regulations that changed the definition of a
Business Associate. The company completed the process in advance of the
deadline, and brought on a third-party partner to ensure the right steps had
been taken to meet HIPAA compliance requirements.

The rigorous six-month assessment was executed by 360 Advanced, P.A.
(, a national, multi-service, licensed Certified Public
Accountant (CPA) and Qualified Security Assessor (QSA) firm that specializes
in integrated compliance solutions for service providers related to internal
controls, security, confidentiality, privacy, processing integrity,
availability and other elements critical to information surety.

"The Carbonite team was focused on ensuring internal controls were in place to
meet or exceed HIPAA requirements. The results of our independent HIPAA
assessment at Carbonite identified no relevant exceptions to the design or
operation of the system of controls," said Dan Collins, president of 360
Advanced. "Completing HIPAA and other formal compliance examinations enhances
a service provider's reputation for security, reliability and professionalism,
and can give it a competitive advantage in an era in which data breaches are
becoming more frequent and costly."

"The compliance requirements and security protocols are incredibly detailed
and specific," commented Sheer. "I would recommend that all service providers
rely on an independent expert's oversight and guidance."

About Carbonite

Carbonite (Nasdaq:CARB) is a leading provider of hybrid backup and recovery
solutions for businesses. Carbonite offers a comprehensive suite of affordable
services for data protection, recovery and anywhere, anytime access. More than
1.5 million customers, including 50,000 small businesses, trust Carbonite's
secure, easy-to-use cloud backup solutions and award-winning U.S.-based
customer support. For more information, please visit, connect
with us on Twitter @carbonite or visit our Facebook page.

CONTACT: Media contacts:
         Megan Wittenberger
         Andrew Bowen, APR

Carbonite, Inc. logo
Press spacebar to pause and continue. Press esc to stop.