As the healthcare industry continues to move into the digital age, each new technology that provides value to patients, organizations, and caregivers also brings with it unique cybersecurity risks. IT systems, connected medical devices, digital health applications, electronic patient records – the list goes on.

While standards like ISO / IEC 800001 and the NIST Cybersecurity Framework are pushing healthcare IT to make change, understanding how to secure healthcare information systems effectively is a complex challenge that security leaders in the industry struggle with.

Over the last 10 years, there have been more than 2,500 healthcare data breaches, resulting in theft or exposure of nearly 200 million records. That’s nearly 60% of the U.S. population impacted. 

The industry hosts large swaths of confidential health and patient data, and unfortunately is one of the most targeted, with adversaries eager to find an entry-point into any system. Thanks to solutions like crowdsourced security, healthcare IT teams can tip the scale back in their favor with an army of whitehat hackers.

So what has the Crowd uncovered within healthcare?

  • Between 2017 and 2018, the number of vulnerability submissions increased nearly 3.5x, and roughly 30% were critical submissions (P1 or P2).
  • Thanks to growing criticality levels and the increasing security maturity of healthcare organizations running crowdsourced security programs, total payouts in Q1 2019 increased by more than 30% compared to Q1 2018. 
  • The market rate for vulnerabilities continues to rise, and the average payout for Q1 2019 was more than $1,000 per vulnerability, the highest it’s ever reached and an 82% increase year-over-year. For P1s, this number is nearly $3,500 per vulnerability.
  • Looking at targets, healthcare programs see the majority (75%) of submissions against their websites.

If the numbers didn’t already indicate, healthcare cybersecurity is a serious undertaking. 

Bugcrowd’s crowdsourced security programs give healthcare IT teams more time to focus efforts on big picture compliance and protection strategies while mitigating the risk of the next big attack. 

“The advantage of having crowdsourced security as part of our program is the continuous testing. Security researchers can actually spend time testing to find critical flaws, rather than being time bound in a traditional pen test. Bug bounties more accurately reflect what real attackers are doing in terms of time and effort.” – Ben Waugh, Chief Security Officer of Redox

Interested in learning more about the healthcare security landscape and how it can benefit from crowdsourced security? Join Bugcrowd and leading healthcare integration platform Redox for a webinar discussion on Thursday, July 11 at 11am PT / 2pm ET.

You can also read the full “State of Healthcare Cybersecurity” industry report here.