TMCnet News

Redox Launches Public Bug Bounty Program With Bugcrowd to Help Keep Health Data Secure
[June 18, 2019]

Redox Launches Public Bug Bounty Program With Bugcrowd to Help Keep Health Data Secure

Redox, the company that is changing the way healthcare vendors and providers share data, today announced the launch of a public bug bounty program with Bugcrowd to help ensure the security of its customers' health data. As one of the first health IT companies to adopt a crowdsourced security approach, Redox is offering monetary rewards to trusted hackers to identify security vulnerabilities in its technology platform.

"The Redox healthcare integration platform is built on the promise that organizations can securely and efficiently exchange data," said Ben Waugh, chief security officer, Redox. "Crowdsourced security is a valuable part of our security strategy. Due to our highly segregated environment we have been able to set up this bug bounty program with Bugcrowd to do testing in a safe way, ensuring we are keeping customer data safe, while also gaining contextual intelligence on potential security vulnerabilities."

Redox is at the forefront of a tsunami of digital health data connectivity, providing a cloud network that simplifies how healthcare organizations exchange data. With one connection to Redox, organizations eliminate a fragmented, inconsistent mess of data formats and APIs that slow digital transformation.

While APIs can improve value in healthcare, there are also legitimate security isues with exchanging health data. The healthcare industry has been a prime target for hackers as personal health information (PHI) is among the most valuable commodities on the dark web. In addition, API abuse is predicted to be the single largest attack vector by 2022.

At the same time, industry regulations such as HIPAA can make adopting new security practices like bug bounty programs more challenging. Redox overcame this by building its platform so that different types of accounts are isolated into their own infrastructure, so security researchers can still do their testing in a meaningful way while significantly reducing the risk of being exposed to PHI.

"We ran a private bug bounty program for the past year, which paid out over $5,000 in bounties for around 30 low impact vulnerabilities," Waugh said. "Due to the program's success, Redox is introducing the public program earlier than expected and increasing the reward program to be one of the most competitive in our industry."

Under the public program, Redox will now pay up to $10,000 per critical flaw, particularly those which are unique and demonstrate that the researcher has spent the time to understand the Redox technology platform to identify a vulnerability that could significantly impact customers.

"As the healthcare industry continues to move into the digital age, each new technology that provides value to patients, organizations, and caregivers also brings with it unique cybersecurity risks," said Ashish Gupta, CEO at Bugcrowd. "Through our crowdsourced security approach, Bugcrowd gives healthcare IT teams more time to focus efforts on big picture compliance and protection strategies. We're thrilled to be working with Redox, extending the power of their security team and paving the way for other health IT companies to adopt next-generation security testing practices."

For more information on the bug bounty program and how healthcare technology companies can adopt them safely, join Ben Waugh, Redox CSO, and David Baker, Bugcrowd CSO, in a live webinar titled, "Building an Effective Crowdsourced Security Program in Healthcare," on July 11 at 11 a.m. PT/ 2 p.m. ET Register here:

About Redox

Redox accelerates the development and distribution of healthcare software solutions with a full-service integration platform to securely and efficiently exchange data. Healthcare delivery organizations and technology vendors connect once and authorize the data they send and receive across the most extensive interoperable network in healthcare. Redox exists to make healthcare data useful and every patient experience a little bit better. Learn how you can leverage the Redox platform at

[ Back To's Homepage ]