How hiring ethical hackers can help healthcare organizations

They say if you can't beat them, join them. That's the approach some organizations take to hacking -- let the hackers come to them.

It might come as a surprise, but hospitals can consider hiring ethical hackers to help them stay protected from IT security issues.

Cybercriminals continue to target healthcare organizations using ransomware and other methods, including data breaches, fraud, scams and distributed denial-of-service attacks. A successful attempt can result in serious consequences for the hospital or clinic, including financial damages, legal complications and loss of revenue. This has raised the level of concern that many healthcare executives have around security, pushing IT departments to fortify their systems using different methods -- including some that may seem unconventional.

Healthcare breaches on the rise

There have been up to 39 million patients affected by data breaches, according to Office for Civil Rights (OCR) information reported by health organizations mandated under HIPAA to notify the OCR of any data breaches. Given the frequent occurrence of data breaches, IT executives are adjusting their security strategies to go beyond the traditional network and endpoint protection tools. Alone, those types of tools have been unsuccessful at protecting against some of the attacks.

Some of the changes in hospital and health clinic security strategies include the following:

  • adopting AI-based threat protection tools;
  • increasing end-user awareness campaigns and training;
  • adding security protections at all system layers (application, data, network, perimeter);
  • outsourcing security monitoring and management to third parties; and
  • implementing more robust identity management systems that include multifactor authentication.

Why hiring ethical hackers makes sense

Some IT pros are thinking outside the box by adding a new component to their strategies that may seem unconventional -- hiring hackers themselves to improve the organization's protections and chances to fight against cybercriminals. 

Hiring ethical hackers to be part of a company's security staff is an approach several tech giants -- including Apple, Google and Microsoft -- have adopted to help them build robust protections against other, unfriendly hackers. The idea is that it takes a thief to catch a thief. This new approach provides a way for the hospital to use internal employees to identify issues with the network and other areas of the IT systems and fix them before they result in a breach.

Benefits of hiring ethical hackers include the following.

It gives you someone to keep up with the changing threats. Hackers are typically the ones constantly looking for ways to break into systems, whether by trial and error or by keeping up with the latest news about vulnerabilities and exploits. This is a very useful trait for an ethical hacker working in a hospital because they are able to flag newly discovered gaps in security and help patch them before they attract others.

A hacker can simulate attacks that are harmless but revealing. Another value that hackers on staff can bring to the table is their ability to simulate a full attack against the system while minimizing any harm to the infrastructure or downtime. This provides the organization with controlled system attacks that can highlight vulnerabilities in the system without actually damaging it.

Ethical hackers can educate end users on the tactics hackers and scammers use. Educating end users on what hackers and scammers do to gain access to the system is another critical area that IT focuses on. IT can also take advantage of the knowledge a hacker brings about the tactics cybercriminals use to trick users. IT departments can turn this information into tips and educational sessions where the internal security expert or hacker can train employees on what to avoid.

Despite the shortage in the marketplace for cybersecurity gurus, hospitals should make every attempt to bring on staffers who are trained in cybersecurity and are capable of performing actions that hackers do in the wild. By adding this resource to the IT and security team, a hospital or clinic can ensure that its defense systems are strong.
