Meditology Services Identifies the Top 10 Hacking Exposure Areas for Healthcare IT Systems


Hacking Healthcare: Real-World Healthcare Security Exposures from Penetration Tests


Meditology Services LLC, a professional services company specializing in IT solutions for healthcare organizations, today announced new research based on a two-year study from 2013-2015. As a follow-up to this research, Meditology has released a white paper focused on ethical hacking, also known as penetration testing, and why it is a very effective way to test the security of healthcare information systems. The paper, “Hacking Healthcare: Real-world Healthcare Security Exposures from Penetration Tests,” drives an increased awareness of the need for the healthcare industry to harden systems against both external and internal threats. The paper also helps healthcare organizations understand how to take a proactive security stance, covering the concepts, methodology, and approaches of penetration testing along with descriptions of various real-world tests and their results.

According to the Ponemon Institute, criminal attacks on healthcare organizations have increased 100 percent since 2010 and represent the highest per-record cost to companies across industries.

“Medical data and medical identity theft can be a very lucrative market, and, on the whole, healthcare organizations are less prepared, making it an attractive venture for hackers,” said Brian Selfridge, partner for the security and privacy practice at Meditology. “While healthcare providers and payers are increasingly investing in security tools and processes, ethical hacking is an essential security test to determine whether these tools are working as designed.”

Anatomy of a Penetration Test

Depending on the organization’s size and complexity, thorough penetration testing can take weeks to carry out and involves reconnaissance, surveying, testing and reporting to produce a final analysis across exposure areas. The paper outlines the top 10 hacking exposure areas based on the results of testing, including physical security, phishing, medical devices, passwords and more. Both internal and external tests must be considered to address the full range of attack vectors.

“Hackers have expanded focus from technical vulnerabilities in public-facing applications and networks to sophisticated social engineering and phishing attacks that psychologically manipulate people into divulging information,” Selfridge continues. “Medical devices also present an increasingly popular access point as they are configurable and interconnected.”

Regular penetration testing is essential for organizations to identify weaknesses and gain the support they need to prevent data breaches. Domain expertise in the healthcare industry should be a top requirement when engaging a security firm to conduct penetration testing as patient safety, unique application issues, and specific regulatory requirements create a complex landscape that is different from other industries.

The complete paper can be downloaded at http://www.meditologyservices.com/white-papers/meditology-hacking-healthcare/.

A webcast, “Hacking Healthcare - Real World Healthcare Security Exposures from Penetration Tests,” will be held Wednesday, February 3, 2016, at 1:00 EST. For more information and registration, please see https://attendee.gotowebinar.com/register/488596950974188545

About Meditology
Meditology Services is a leading professional services company with an exclusive focus on the healthcare industry and a core competency in IT security. Meditology's success stems from the deep and extensive expertise of its leadership team, representing a mix of Big Four consulting and healthcare security operational experience. Clients include many of the nation’s largest healthcare providers and payer organizations. Visit Meditology at http://www.meditologyservices.com or follow us on Twitter (@Meditology) and LinkedIn.


Contact Author

Leslie Kesselring
Kesselring Communications
+1 503-358-1012

Tamarie Ellis
Kesselring Communications
503-746-8107