BLOG: Ethical Hacking | The Miracle Immunity Booster
Blog Post by Brian Selfridge, Meditology Services IT Risk Management Partner
Cyber Hygiene consists of the practices and steps required to ward off potential viruses, data hijack attempts and intruders invading your information systems. Good hygiene is a major part of preventative healthcare for humans, and the same holds for healthcare information systems. But setting up employee training, policies and procedures only covers the surface of good cyber hygiene. Audits are akin to going for a health checkup or dental cleaning. But what about other preventative measures before the annual “checkup”?
To provide greater immunity to data breaches, add Ethical Hacking programs to your cyber hygiene routine to bolster your organization’s immunity and natural defenses (e.g., taking a daily vitamin for immune support or getting a flu shot during flu season). Much like a vaccine, Ethical Hacking uses a system of attacks on your data systems to ultimately make your overall immune system stronger and more resilient.
Ethical hacking consists of planned testing that uses a variety of approaches to attempt intrusive entry or access to sensitive data storage locations. These are structured tests conducted in a way that reduces the risk of service disruption or service delivery delays.
The purpose of ethical hacking projects is to identify vulnerabilities, to validate the security procedures and systems that are working well, and to test the efficacy of your workforce’s training. Testing your internal systems is critical: 63% of healthcare data breaches were attributed to Data Misuse, with 56% of data breaches stemming from Internal Threat Actors and another 14% due to Social Attacks/Phishing of workers, as reported in Verizon’s 2018 Data Breach Investigations Report.
Ethical hacking provides you with the information necessary to remediate any system, network or application vulnerabilities and misconfigurations to help prevent a hacker or a rogue employee or contractor from stealing your data.
Here are the primary elements of a robust ethical hacking program:
- External Penetration testing is focused on testing Internet-facing systems and applications from the perspective of an uninformed outsider.
- Internal Penetration testing is focused on testing the ability and likelihood of internal employees and contractors to access sensitive data.
- Wireless Penetration testing focuses on data intrusion through wireless-based systems.
- Application Security Testing assesses applications for vulnerabilities, misconfigurations or unauthorized access.
- Phishing / Social Engineering testing is centered on testing the security awareness of employees and IT staff.
Ethical hacking is best conducted by seasoned experts who benefit from their knowledge base of vulnerabilities found in other healthcare organizations. We’ve put together an overview on Ethical Hacking and Penetration Testing Services to help explain this preventative cyber hygiene program to your internal teams.
Remember to use fluoride for the best cavity protection, vaccines to bolster your natural defenses and Ethical Hacking Testing to boost your system’s immunity to viruses, hijack attempts and other “infections”. Wishing you a healthy, strong data security immune system in 2019 and beyond!
Brian Selfridge leads Meditology’s IT Risk Management Services practice, which is dedicated to delivering expertise and leadership in information privacy and security, compliance, and audit, specifically for healthcare. He advises the federal government, including OCR and HHS, and is a frequent presenter and sought-after leader in the healthcare security and compliance industry. Contact Brian directly at firstname.lastname@example.org or follow him on LinkedIn.