6 Reasons You Should Consider an Annual Penetration Test, Especially in Healthcare

March 6, 2019 | Bindu Sundaresan

Breaches are widely observed in the healthcare sector and can be caused by many different types of incidents, including credential-stealing malware, an insider who either purposefully or accidentally discloses patient data, or lost laptops or other devices. Personal Health Information (PHI) is more valuable on the black market than credit card credentials or regular Personally Identifiable Information (PII).

With instances of identity theft and fraud rising, many healthcare organizations now host valuable patient data such as social security numbers, medical records, and other personal information that can be compromised through cyber-attacks. If cybersecurity is not a key piece of your healthcare facility’s infrastructure, you may be putting both your organization and your patients at extreme risk. With the current cybersecurity climate in healthcare, it is important to consider some foundational security elements in terms of maintaining cyber hygiene.

What it Means for 2019 and Beyond

The data from 2018 illustrates that there is a problem with security throughout the healthcare industry. Information security experts warn that healthcare will be the biggest target for cybercriminals over the next five years, as noted in Healthcare IT News. The financial burden on attacked organizations is crippling, but the reputation risk is even greater.

A Smarter Approach to Security

Healthcare organizations must have an effective security risk management strategy built on the concept of edge-to-edge protection. They need to know what their data security priorities are, have policies that are effectively enforced, and bring an approach to cybersecurity that’s surgical, working from the inside out, to understand every fit and function of their organization. Without proper guidance, healthcare organizations could be throwing money into cybersecurity with little return, strangling their operations rather than supporting them. So as healthcare organizations work toward their future security, a key step is to consider doing a penetration test. Consider it a self-check-up.

To combat a hacker, you need to think like a hacker. Penetration testing is a form of ethical hacking that simulates attacks on an organization’s network and its systems. This is done to help organizations find exploitable vulnerabilities in their environment that could lead to data breaches. The test is a manual process performed by security experts who dive deeper into your environment than an automated vulnerability scan does.

A Penetration Test Does NOT Equal Automated Vulnerability Scans.

  • It exposes your weaknesses before real hackers do
  • It can reveal which areas of security you need to invest in
  • It provides an outsider perspective of your security posture
  • It will simulate a real attacker scenario
  • It helps with meeting compliance with industry standards and regulations
  • It helps prioritize and tackle risks based on their exploitability and impact

About the Author: Bindu Sundaresan
Practice Lead - Security Solutions, AT&T

Bindu Sundaresan is a Strategic Security Solutions Practice Lead at AT&T. She’s currently responsible for growing the security consulting competencies and integration with the AT&T Services and Product Offerings. Bindu is a security SME (subject matter expert) with the judgment and experience to right-size and customize information security solutions that both accommodate and enable business growth. She has worked to establish enterprise vision, strategies, and programs for Fortune 50 companies to ensure the confidentiality, integrity, and availability of information assets – thus protecting and enhancing multimillion/billion-dollar revenue streams.