• Hypertrophic Cardiomyopathy (HCM)
  • Vaccines: 2023 Year in Review
  • Eyecare
  • Urothelial Carcinoma
  • Women's Health
  • Hemophilia
  • Heart Failure
  • Vaccines
  • Neonatal Care
  • Type II Inflammation
  • Substance Use Disorder
  • Gene Therapy
  • Lung Cancer
  • Spinal Muscular Atrophy
  • HIV
  • Post-Acute Care
  • Liver Disease
  • Asthma
  • Atrial Fibrillation
  • RSV
  • COVID-19
  • Cardiovascular Diseases
  • Prescription Digital Therapeutics
  • Reproductive Health
  • The Improving Patient Access Podcast
  • Blood Cancer
  • Ulcerative Colitis
  • Respiratory Conditions
  • Multiple Sclerosis
  • Digital Health
  • Population Health
  • Sleep Disorders
  • Biosimilars
  • Plaque Psoriasis
  • Leukemia and Lymphoma
  • Oncology
  • Pediatrics
  • Urology
  • Obstetrics-Gynecology & Women's Health
  • Opioids
  • Solid Tumors
  • Autoimmune Diseases
  • Dermatology
  • Diabetes
  • Mental Health

Healthcare IT Infrastructure Remains Vulnerable


Report shows that healthcare is still at a high risk for data breaches.


Despite the millions of patient digital health records that are breached every year, healthcare isn’t doing enough to shore up vulnerabilities.

A new study demonstrates just how large the problem remains. Bugcrowd, a crowdsourced security company located in San Francisco, recently released the latest version of its State of Healthcare Cybersecurity Report.

Bugcrowd, as a crowdsourcing security firm, receives “vulnerability submissions,” or reports from white hat hackers on potential flaws in systems. Between 2017 and 2018, Bugcrowd saw a 350% increase in vulnerability submissions, and there will likely be a steady increase this year as well.

“Healthcare has historically been slow to adopt new technologies due to the risk associated with changing how data is stored, transmitted, or processed,” says David Baker, CSO of Bugcrowd. “This is true even with security technology.”

Close to a third of the vulnerability submissions were considered critical submissions-ranked priority one (P1) or priority two (P2), while about 42% were P3.

Related: Telemedicine and E-Visits: An Update

“P3 vulnerabilities are considered to be medium severity,” says Baker. “Although they don’t typically infer protected health information (PHI) disclosure, they relate to details of the apps themselves. As with any of these technologies, the risk of P3s are still important because they can be chained together, thus leading to new vulnerabilities with higher severity.”

Baker points to the market for submissions as signs that healthcare organizations are putting more resources into combatting the issue. “Healthcare organizations running crowdsourced security programs are increasing their security maturity and criticality levels, therefore increasing the market rate for vulnerabilities.”

In Q1 2019, the average payout for a P1 submission was almost $3,500. The overall average payout for all priority levels (P1-P4) was about $1,000. “Interestingly,” Baker says, “this is higher than the P1 and average payouts across all programs run through Bugcrowd.”

Overall, total payouts for Q1 2019 increased by over 30% in 2018.

“Healthcare security professionals must implement a more improved defense-in-depth security program that promotes better defense through a better offense,” Baker says. “This means that security professionals should implement a solution that enables 24x7x365 security assessment efforts against their assets. Crowdsourced security continues to uncover 10 times the security bugs than traditional security assessment methods.”

Related Videos
Related Content
© 2024 MJH Life Sciences

All rights reserved.