Lares - Security Solutions/Service Company

Lares: A New Touchpoint to Healthcare Security

Follow Lares on :

Christopher Nickerson, Founder & CEO , LaresChristopher Nickerson, Founder & CEO , Lares
As security breaches continue to mount in the healthcare space, healthcare organizations are concerned about the vulnerabilities in their existing systems and IT infrastructure. With patient health data rapidly being digitalized, the threat of healthcare information being compromised or stolen has also reached unprecedented heights.

The question still lingers: “Many people want to know why healthcare is at such a high risk for cybercrime?”

“Unlike other industries, healthcare professionals have to deal with several types of equipment, machines, and processes to record the data of patients,” states Christopher Nickerson, Founder & CEO of Lares®. While modern healthcare personnel leverage wireless medical devices to record patient data, connected systems also present enormous opportunities for hackers to undertake malicious activities. Based in Denver, Lares brings extensive knowledge in leading-edge technologies to aid healthcare institutions by addressing their safety and security concerns.

Many healthcare organizations only focus on adherence to the healthcare regulatory standards because they believe the standards to be adequate for addressing their overarching security challenges. However, this approach often leads to data breaches and the theft of employee and patient data. To this end, Lares brings its unique ability to help healthcare organizations comply with medical regulations along with building robust security and safety guidelines. Eric Smith, Co-Founder of Lares, elucidates that compliance alone cannot guarantee security and organizations must test all systems to protect patient data. He further adds, “If a patient is connected to a dialysis machine, his/her card data, identity, allergies are all stored within the system. If these systems aren’t tested beyond the simple validation of compliance, it gives a profound opportunity to cybercriminals to hack patients’ data.”

Lares delivers a wide array of testing services that equip organizations to certify their practices and make sure that they work in a secured network. Starting off, with penetration testing (pen-testing), Lares enables organizations to navigate the valid attack vectors in their network. Instead of merely identifying and validating vulnerabilities, the pen-testing process conducts full manual exploitation to assist organizations in detecting their threat corridors. Next, the firm sets up a custom monitoring system, enabling internal and external resources to oversee the change in workflow and access vulnerabilities. This continuous testing model equips organizations to replace their existing bug bounty programs with verified professional testers who are committed to navigating risks before any malicious activities could take place.

Further, to address the threats that arise internally from employees, former employees, contractors, vendors, suppliers, or business associates, Lares engineers emulate an insider risk program to detect the true risks that can harm an organization and accordingly build mitigation paths.

Eric Smith, Co-Founder, Lares
Additionally, Lares checks the potency of the protection and detection control programs along with examining the response quality through active attack simulations across the physical, electronic, and social realms. To this end, motivated and highly funded adversaries look for opportunities for attacking adversaries’ networks with maximum impact at all facets of the security network. This testing helps Lares to identify the weakest link in client organization networks and accordingly build robust security programs.

Lares’ uniqueness can be illustrated by their robust testing methodologies and frameworks which are considered an industry standard and are accepted by NIST and PCI as the foundational measures of all testing exercises. Lares starts by engaging clients to understand their working methodologies and then applies its security protocols and technological innovations accordingly to protect their distinctive qualities and maintain a competitive edge.

Lares delivers a wide array of testing services that equip customers to certify their practices along with ensuring that they work in a secured network

To further elaborate Lares’ expertise, the co-founders recollect a scenario where they simulated an attack on a reputed healthcare research organization. Lares then demonstrates how hackers can increase the temperature of a hospital to 100 degrees by hacking the HVAC systems to harm staff and patients and destroy electronic devices and data to the extent that they can never be recovered. Lares further explains how hackers use updated methodologies and malware to steal patient’s electronic data and how medical devices, such as drug dispensers that deliver morphine to patients, can be hacked to overdose patients, which can even lead to loss of life. The firm also provided five-year testing remediation, coaching, and design processes to improve security and policy architecture for the future.

Owing to the years of pertinent experience in the space, Lares is widely trusted by hospitals, healthcare providers, pharmaceutical companies, medical equipment manufacturers, and medical insurance companies for limiting the risk of cyber threats. A key factor steering the firm ahead of other peers is that the compliance initiatives are the starting point of security programs. With a robust security approach, Lares helps ensure that whenever a machine is connected to a patient, stringent security standards are applied to avoid causing any patient harm. The firm’s testing services help ensure that all machines adhere to the healthcare regulations while having the ability to defend criminal attacks. In the days ahead, the firm intends to continue reinvigorating the healthcare space and aid its customers to take robust measures for protecting patient data.