HPE Fortify On Demand – The Responsible Alternative to Credit Monitoring

By Matt Angerer

I recently received a letter via US Postal Mail from my primary care physician that opened with the following:

“We are writing to inform you of an incident involving some of your personal information. On November 13, 2015, the Federal Bureau of Investigation (FBI) advised us that patient information was illegally obtained by an unauthorized third party who may have gained access to our databases. We immediately hired a leading forensics firm to support our investigation, access our systems and bolster security. The forensics firm determined that, on October 3, 2015, the intruder (hacker) may have accessed the database, which contained information that may have included your name, Social Security number, physician’s name, diagnostics and treatment information, and insurance information. However, we have no specific evidence that your medical record was accessed.”

The letter went on to state that the FBI asked this physician’s office to delay notification or public announcement of the incident until now (the time I received the letter) so as not to interfere with its investigation. “Now that law enforcement’s request for delay has ended, we are notifying patients as quickly as possible. We continue to work closely with the FBI on its investigation of the intrusion into our system. In addition to security measures already in place, we have also taken steps to enhance internal security protocols to help prevent a similar incident in the future,” the letter goes on to state.

Within the letter, there was a unique cross-sell opportunity for Experian’s ProtectMyID Alert® to reactively monitor whether my identity had been compromised since the breach occurred nearly 5 months ago! I officially received this letter in the mail on March 4, 2016 and the breach allegedly occurred on October 3, 2015. This is the third time I’ve received this type of notification in the last few years that I can recall. Each of the letters had a similar tone and message: that they didn’t protect their systems properly and that my personal information was compromised as a result. The first time I received such a letter was in 2005 from my alma mater (Penn State), indicating that their systems had been breached by a hacker community and my personal information was compromised. That letter also cross-sold Experian’s ProtectMyID Alert product to help me reactively monitor the situation in case someone attempted to open accounts in my name.

The IT Security Issue

What is the central issue we see with these recurring IT security problems? Obviously, too many organizations reactively wait for something to go wrong. At that point, they act with urgency by consulting with a “leading forensics firm to support the investigation” and take other measures like “bolstering security,” as this unnamed firm has done in light of the recent breach. The issue with this type of approach to IT system security is that the consumer’s or patient’s information now rests in the hands of a hacker group and can be exploited at any time. What’s worse, though, is that it puts the consumer or patient in a state of anxiety about their PII (personally identifiable information) and whether protection services will pick up on “suspicious activity” occurring on the account.

We fully support closely monitoring your credit profile with leading-edge tools like Experian’s ProtectMyID Alert. In fact, I am grateful that Experian partnered with the FBI to offer consumers like me this service so that I can empower myself to quickly thwart attempted identity theft. However, our question goes much deeper than reactively monitoring a situation that already occurred. Specifically, what sort of tools could help prevent this breach from occurring in the future?

Fortify Your Data

At ResultsPositive, we work closely with HPE as a Platinum Partner and Value Added Reseller. We have helped over 200 organizations since our inception in 2004 and continue to blaze the trail with innovative and leading-edge solutions. Recently, we’ve started working closely with clients like my primary care physician, whose databases were breached by an outside hacker, to show them how valuable it is to have a monthly dynamic scan of their external patient-facing portals and internal systems with HPE Fortify On Demand. What’s more, we work closely with clients to rectify the issues that HPE Fortify uncovers in their code base, such as cross-site scripting errors that create vulnerabilities allowing hackers access to private health information.

Even more, HPE Fortify On Demand can be used for static analysis, uncovering vulnerabilities in source code. Available 24/7 in the cloud, HPE Fortify is the responsible choice for healthcare providers seeking an effective cloud-based solution to their vulnerability and penetration scanning needs. ResultsPositive works with healthcare clients to create a sound information security policy that addresses issues surrounding PCI-DSS and HIPAA compliance – while also providing an actionable roadmap for clients to increase proactive security measures like weekly or monthly dynamic vulnerability scans against databases, web-based portals, and mobile applications.

Today, an organization can never be too careful with its data. Instead of waiting for a breach to occur, companies should continuously assume that hackers are attempting to break into their systems and steal information. There is an old adage that goes something like: “Prepare for the worst, but pray for the best.” Preparing for the worst is assuming that a hacker will attempt to penetrate your systems this year and that you should take measures immediately to protect your patient and consumer information. The repercussions of not doing so could damage your brand and make consumers less confident in doing business with your organization.

Contact ResultsPositive today for a free HPE Fortify On Demand scan of your flagship software products. We will review the vulnerabilities with you and provide a demo of how HPE Fortify On Demand frees up your QA team’s time to focus on more strategic initiatives like developing the automation framework that your CIO keeps talking about. We will also show you how Fortify On Demand integrates with your existing instance of HPE Quality Center or ALM. Much like HPE UFT or Performance Center, RPTech has pushed the envelope once again to create a REST-based API to synchronize data between HPE Fortify On Demand and HPE ALM. Such an integration keeps your system of record safe with HPE ALM and allows your PMO organization to effectively report out across your security testing efforts from the Dashboard in HPE ALM.

Contact ResultsPositive today for more information.
