Healthcare is evolving and improving to provide more convenient ways for patients and providers to access information and communicate. This has led to a significant increase in medical-based web applications and sites for patient interaction.
With some of the new integration and automation come advances that have improved accuracy and timeliness of information sharing; doctors are now able to access patient health records across multiple sites using different devices, patients are able to order prescription medications through online web portals, insurance companies and hospitals are able to file and submit claims online; all of these activities are regulated by HIPAA regulations and PCI DSS governance. But all these methods of access also provide opportunities for information to be accidentally shared or purposefully stolen. Still, you wonder who cares about a patient’s flu shot? Why would anyone want to know about the CAT scan of someone’s sinuses?
This kind of information is a gold mine to criminals due to the richness of information, and the number of opportunities it creates. Think of it – countless patient ID numbers, social security numbers, birthdates, billing information, insurance records – all of this data is available across a varied number of applications and sites hosted by hospitals, insurance companies, specialists, pharmacies, and every other linked system in the chain of healthcare and medicine. This sort of information is more valuable than mere credit card numbers, fetching between five and fifty times more for sale on the black market.
40% of all breaches occur at the application layer. Last year, USA Today ran a story about BlueCross BlueShield’s now infamous hack, and quoted numbers that healthcare attacks have more than doubled since 2010. This means healthcare websites and applications within the system are more vulnerable than ever. Protecting against data breaches through applications is harder than just securing a database, and healthcare organizations often have limited resources and outsource parts of their web infrastructure to third-party developers.
WhiteHat Security’s Sentinel product family can help healthcare organizations implement a more secure software development lifecycle by detecting vulnerabilities in source code, mobile and web applications. We help you protect these vulnerable access points with continuous and concurrent assessments, allowing your team to prioritize and mitigate threats. We combine our scalable application-scanning platform with a live, online security team in our Threat Research Center checking results to provide actionable, credible results with near zero false positives.
IDC is estimating that one in three consumers will have their healthcare records compromised in 2016. Let WhiteHat work with you to help ensure that your patients, and their information, remain healthy and secure.