Many healthcare organizations quickly adopted telehealth programs out of necessity at the start of the COVID-19 pandemic, expanding their attack surface with the integration of new technology such as mobile telehealth apps and wearable heart rate and blood glucose level monitors.
What’s more, nearly half of security researchers (48%) believe healthcare is the industry most vulnerable to cybercrime during the unfolding global crisis. This opens up opportunities for potential devastation, as cyberattacks in healthcare can compromise not only networks and data but also threaten the applications and services supporting critical patient care systems. Such malicious activity has already contributed to, and may continue to contribute to, serious life-or-death situations.
Leveraging crowdsourced security as a defense layer against adversaries
As a result of the increase in malicious hackers targeting telehealth initiatives, healthcare organizations must find a cost-effective way to quickly address vulnerabilities before they are exploited or risk jeopardizing patient health and safety.
To address this, healthcare organizations should consider adopting crowdsourced security programs such as bug bounty programs or vulnerability disclosure programs (VDPs). Crowdsourced security is an organized approach wherein a number of ethical hackers are incentivized to search for and report vulnerabilities in the digital assets of a given organization with the full understanding and awareness of the organization in question.
It’s imperative that healthcare organizations take precautionary measures to ensure a secure, user-friendly telehealth environment for staff and patients. By turning to external security researchers via a bug bounty or VDP, healthcare organizations can have vulnerabilities proactively disclosed before adversaries discover them and take malevolent action.
While using the hacker community might still cause healthcare organizations some unease, it should be noted that 93% of security researchers hack out of care for the organizations they work with, assuring that the protection of patients’ data is a noble cause in which many researchers would gladly participate. As reliance on telehealth continues to increase and its capabilities evolve, a crowdsourced security approach can ensure that a healthcare organization’s cybersecurity posture evolves along with it.
Securing the ever-evolving amount of telehealth data
The use of new telehealth technology has both diversified the type of data that exist within healthcare organizations and increased the complexity of security measures required to protect those data. From electronic health records to patients logging symptoms via a portal or mobile app to even encrypting patient data from appointments in transit, healthcare organizations are seeking ways to not only manage these new attack surfaces but secure all of the new data within them.
Crowdsourced security also enables healthcare professionals to assess the risks associated with disparate data sources and infrastructure, so patients don’t have to worry about the privacy of their data. Additionally, with comprehensive methodology, coverage analysis and reporting, crowdsourced security programs ensure that the administrative, physical and technical safeguards are in place to comply with HIPAA.
Crowdsourced security provides a cost-effective way for a healthcare organization to continuously test the cybersecurity posture of its remote monitoring devices and electronic record database without actually putting patient data at risk. By adopting a crowdsourced security approach, healthcare organizations can take advantage of project-based or ongoing programs to gain valuable, more accurate insight into what real attackers are targeting within telehealth technology and make adjustments to their security measures as a result.
Crowdsourced, on-demand penetration testing also reduces pen-test launch time by 2,160 hours on average, with some pen-test solutions able to launch in less than 72 hours—as opposed to the industry standard, where pen-testers can take up to three months. This timeliness will help healthcare organizations remain agile as they continue to advance their telehealth initiatives and enable them to quickly react to changing COVID-19 circumstances.
A promising crowdsourced future
The level of convenience that telehealth offers has created a new and promising future for the healthcare industry. Crowdsourced security can act as a force multiplier in an organization’s cybersecurity strategy by harnessing the skills and talents of external security researchers along with an intelligent security platform to find and safely disclose vulnerabilities to companies.
Through VDPs and bug bounty programs, healthcare organizations can leverage on-demand external security experts, tools and partners to augment their internal resources, prioritize and remedy their hardest-to-find security vulnerabilities and maximize the impact of their existing security investments. As a result, healthcare organizations can operate without having to worry about compromising internal and patient data, and providing quality patient care can remain the utmost priority.
Ashish Gupta is the CEO of Bugcrowd.