Find the weaknesses within your system before hackers do.
The healthcare industry has been inundated with so much technology so fast that implementing it feels like an uphill battle for most organizations. Securing all of that technology is an even bigger challenge, but doing so effectively is paramount for both security and business growth.
Any cybersecurity strategy is designed to mitigate risks in case of a breach. Its main goal is to defend against attacks, but if one occurs, a good strategy can control the resulting costs. According to the Ponemon Institute, those costs can reach upward of $3.5 million, on average. In the case of Anthem, a single breach (which affected nearly 80 million customers) cost the health insurer $115 million in legal settlements alone.
While a good strategy can be a buffer against those costs, an excellent one can actively drive revenue for your organization. Every vulnerability you miss exposes your network to an attack, and each attack chips away at your bottom line. Besides the time and costs of repairing the breach, you can also lose the trust of current and potential customers. On the other hand, successfully detecting and sealing up holes in your network boosts your value in the eyes of customers.
These three strategies can help you successfully find those weaknesses and turn your cybersecurity into a profitable asset:
1. Put bounties on vulnerabilities.
Incentivize employees (and the public, if you choose) to find bugs in your system by paying bounties for each one they detect and report. If you choose to expand the bounty beyond your employees, be sure to choose a trusted group of ethical hackers to ensure you aren’t handing your entire system over to bad actors.
Bug bounties are one of the most popular and effective ways to find vulnerabilities. HackerOne, a vulnerability coordination and bug bounty platform that connects businesses with cybersecurity researchers, has handed out over $20 million in bounties and discovered more than 50,000 corporate vulnerabilities. The group predicts that the number could reach 200,000 vulnerabilities within the next couple of years, and those affecting your network could be among them.
2. Breach your network before hackers do.
Hunting bugs is a good strategy, but not every breach occurs because of one. In addition to the bounties, have a highly skilled employee or ethical hacker test your network by trying to breach it. Penetration tests, or pen tests, are ongoing multi-step processes used to uncover areas where hackers could breach your network and determine what kind of information they could steal.
For example, your expert could scout your network from the outside, collecting IP addresses and personnel credentials to exploit. You could also have your expert obtain administrator access to see what’s vulnerable behind the firewall. Such tests are critical. In a recent Kaspersky Lab report, internal pen tests successfully breached 86% of the companies tested. In 42% of those cases, testers gained access in only two steps.
3. Phish for vulnerable employees.
Pen tests can help uncover human vulnerabilities and network weaknesses, but you can shore up those vulnerabilities more effectively by routinely hacking your employees. People think they’re smarter than phishing emails until they’re caught. Randomly testing employees will improve the chances of you catching them before hackers do.
The problem is that phishing emails today are hard to differentiate from legit ones. Osterman Research found that compromised internal accounts, or account takeovers, have more than doubled, affecting 44% of businesses in the past year. Once an employee’s account is taken over, the hacker can phish indiscriminately from that account. Before that happens, find the employees who need training the most by sending mock phishing emails and seeing who falls for them.
The more technology takes over the healthcare industry, the more vulnerable healthcare and insurance organizations become to network breaches. Along with investing in top-notch cybersecurity, keep your network safe by tracking down its most vulnerable spots before hackers can take advantage of them.
Hoala Greevy is the founder and CEO of Paubox, a provider of HIPAA-compliant email services. Greevy also founded Pau Spam, an email filtering software service.