Healthcare Mergers and Acquisitions Increase Risks for Mobile Application Development

Leverage a virtual hardware platform for thorough mobile app testing for data leakage and exposure

Over the last five years, hospitals have gone through a tremendous number of financial and operational challenges, which have led to a variety of changes, including mergers and acquisitions. Although some national hospitals are struggling, regional organizations are expanding their geographic reach and increasing their market presence.

In fact, according to PwC, 86% of health industries CEOs who made a significant acquisition in the past three years plan to make one or more acquisitions in the next three years. Merging health care organizations is a complex endeavor that requires blending many things, among them patients, doctors, and systems, which include IT and software applications, especially applications for mobile devices.

Mobile applications are increasingly used by health care organizations for everything from scheduling patient appointments to processing claims to managing serious health conditions. What all these mobile application functions have in common, in the United States, is their need to be Health Insurance Portability and Accountability Act (HIPAA) compliant and their use of protected health information (PHI).

However, when health care organizations merge, mobile application development teams become responsible for the applications developed by the company they have acquired, and they also need to make decisions about the usage of those applications moving forward. The acquiring company is now responsible for protecting these mobile applications from risk, and for whatever potential vulnerabilities may be in the applications its patients, employees, and partners are using.

Development, testing, and security teams in an acquisition will need to support development, testing, and deployment cycles for the mobile applications they have developed themselves as well as those developed by the acquired company. Yet the pressure to integrate a new organization quickly may lead to choosing speed over security in development.

With Corellium, healthcare organizations don’t have to make that choice. We enable DevSecOps teams to accelerate the process of building, testing, and deploying mobile applications while keeping security in the loop. Corellium not only enables the scalability and jailbreak options that physical devices lack; Viper with MATRIX also lets teams automate HIPAA and OWASP checklist testing. This gives testers the time they need to be more thorough, whether that’s performing deep manual exploit investigation or manually testing AI chat functionality in an application by simulating a conversation with a user and generating test data. Corellium also accelerates time to remediation with easy-to-understand results and evidence to simplify HIPAA and PHI audit and compliance.