Diabetes data isn’t just information. It’s a lifeline for patients. For Glooko, securing that data means safeguarding patient safety and care continuity. That’s why Glooko made a strategic decision to establish the most rigorous security posture and prove it with the HITRUST r2 certification. With more than 270 independently tested controls, the certification reflects not just compliance but a foundational commitment to safeguarding patient data.

The security-first approach is a core differentiator, positioning the company ahead of its competitors. This case study explores how cybersecurity is a key differentiator for Glooko.

Company Background

Glooko is a leading diabetes data management platform that integrates data from a vast ecosystem of devices, including continuous glucose monitors (CGMs), insulin pumps, blood glucose meters (BGMs), and insulin pens, into a single, device-agnostic interface for people with diabetes and healthcare providers. With operations in nearly 30 countries and 10,000 clinics worldwide, Glooko supports more than a million patients annually in managing diabetes.

Glooko recognizes that ensuring data privacy and security is not just a compliance task. It’s foundational to deliver trusted, life-enhancing care due to the personal and regulated nature of health data.

The Challenge

Diabetes is a data-intensive condition. Thousands of devices contribute to varied streams of information.

Glooko faced a significant challenge in securely unifying, processing, and presenting this data in a clinically actionable way. The sensitive nature of the information added to the complexity.

But beyond compliance, the company sought to make security a business enabler and a competitive differentiator.

Why HITRUST

Glooko had completed ISO 27001 and SOC 2. It selected HITRUST r2 certification for its unmatched rigor, healthcare focus, alignment with PHI, HIPAA, and FDA requirements, and to establish tested, independently validated controls.

“HITRUST evaluates 19 comprehensive cybersecurity areas. It’s the only framework that gives us confidence we’re covering all relevant risks,” said Benjamin Chang, Vice President of Security at Glooko.

Glooko also saw HITRUST as a market differentiator. The company leverages the HITRUST r2 certification to demonstrate its commitment to patient safety and data privacy. Being one of the only device-agnostic diabetes management platforms to complete HITRUST r2, ISO 27001, and SOC 2 Type II, Glooko distinguishes itself in a critical field.

The Certification Process

Over the course of its HITRUST evaluation, Glooko operationalized over 270 validated controls, from access management and encryption to incident response and business continuity planning. As data protection awareness, regulations, and standards evolved and strengthened, Glooko followed suit to improve existing controls.

HITRUST scores different security areas. Glooko received 100% with no exceptions and no corrective actions in its 2024 assessment. This achievement is notable as the HITRUST 2025 Trust Report revealed that 68.6% of r2 assessments required corrective actions.

This implementation required enterprise-wide commitment. "I am incredibly proud of the commitment and dedication the entire team demonstrated throughout this process," noted Chang. “We built a mature cybersecurity posture that protects patient safety, not one that just checks compliance boxes.”

At Glooko, security became a core corporate value championed by leadership and integrated into daily operations. The transformation fostered a culture of accountability and proactive security across the organization.

Business Outcomes

The certification rapidly translated into tangible business impacts.

• New market access: In 2024, 13 clients required HITRUST certification in their procurement criteria, representing multimillion-dollar revenue opportunities.
• Faster sales cycles: HITRUST reduced friction in vendor assessments, enabling Glooko to advance through security reviews faster.
• Customer confidence: Existing customers gained assurance in the security posture of a critical platform they depend on.

“Some clients now ask about HITRUST up front. For others, it's a key decision criterion,” said Richard Glenn, President of Connected Care at Glooko. “It’s a competitive edge that often tips the scales in our favor.”

Strengthened Cyber Resilience

The process also strengthened Glooko’s internal security operations.

• The company implemented a formal incident response team and conducted red-teaming and tabletop exercises with executive leadership.
• Regular phishing and social engineering tests, as well as industry-led training, showed improved employee resilience, a direct result of ongoing security awareness training.
• The certification reinforced trust not just with providers but also with patients, who could be confident their sensitive data was protected by the highest standards.

The ROI of HITRUST

HITRUST delivered operational and financial returns beyond customer acquisition.

• Cyber insurance: Glooko became eligible for premium cyber insurance through the HITRUST Shared Risk Facility, which could lead to significant underwriting savings and faster renewals.
• Operational efficiency: HITRUST streamlined internal processes, enabling Glooko to respond to vendor assessments with minimal overhead.
• Long-term value: With HITRUST’s continuous improvement model, Glooko’s security posture has strengthened year-over-year, transforming security into a strategic asset.

Looking Forward: A Message to the Market

Security was always deeply embedded in Glooko’s DNA, but the HITRUST certification significantly furthers the company’s commitment. Glooko views data protection not just as a responsibility, but as a pillar of care delivery.

'"Cybersecurity directly impacts patient safety," said Chang. "A breach could disrupt care delivery. That's why we hold ourselves to the highest standard."    

Glooko offers a clear message with its HITRUST certification: “There is a secure, trusted solution for diabetes data management. Glooko is committed to being that solution, assured with HITRUST.”