Advantasure Advances Secure Coding Practices with Veracode to Combat Attacks Targeted at Healthcare Organizations
Veracode developer training integrated into workflows of hundreds of Advantasure developers helps create secure software from the start
BURLINGTON, Mass. – Jan. 21, 2020 –– Veracode, a leading provider of application security testing (AST) solutions, today announced that Advantasure has improved its security posture and secure coding practices by working with Veracode. Advantasure, a leader in technology solutions for healthcare providers, integrated Veracode static analysis, dynamic analysis and developer training solutions into its development pipelines to empower a team of 680 developers to create secure code.
With medical records among the most sought after data in cyberattacks, organizations in the healthcare sector face the reality of increasing attacks and severe financial and reputational damage if a breach occurs. The average cost of a data breach can be up to nearly $4 million, but in healthcare, that number rises to $6.5 million - or about $429 per patient record – which is the highest among all industries. In addition to financial costs, a breach affects healthcare organizations’ missions to provide exceptional patient care. Advantasure is responding by redefining its security strategy using Veracode to make secure coding practices ubiquitous, helping protect millions of personal records of plan holders across all U.S. states and Puerto Rico.
“Healthcare records are more valuable than any other data in the world today,” said Wallace Dalrymple Jr., Chief Information Security Officer of Emergent Holdings and Advantasure. “It’s up to us to have security built into our software development lifecycle, and to define what that means to us. Now, our developers are using secure coding tools as part of their normal job. Culturally, we are in secure coding mode all the time.”
Software is the basis of modern healthcare systems, including web-facing online portals most people use to select or manage their coverage plans. Veracode’s recent State of Software Security report found that healthcare institutions have the highest prevalence of severe flaws across industries, and the slowest median time to remediation. This means that risk exposure is higher because software flaws aren’t being fixed quickly enough.
Veracode provides an innovative platform that empowers developers and security teams to work together in DevSecOps, frequently scanning their applications and remediating flaws. Developer training on secure coding skills enables developers to identify and fix flaws earlier in the software development lifecycle. Achieving DevSecOps allows organizations to reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost effectively secure their software assets.
“The need to protect and secure software is extremely acute in healthcare, even as the industry evolves to offer more ways to reach customers online and expand management platforms,” said Elana Anderson, Chief Marketing Officer at Veracode. “Advantasure is helping set the blueprint for the healthcare field in how to implement, expand, and maximize use of Veracode’s application security platform to achieve not just secure code, but better relationships with customers and partners, and compliance with the most stringent industry standards.”
Advantasure also participates in Veracode Verified, a program that validates a company’s secure software development processes. To date, the company has achieved Verified Standard status in eight of its solutions, and four solutions have achieved Continuous status, the highest tier of Veracode’s attestation. Its goal is to achieve Veracode Continuous attestation across all applications, which can help the company move toward HITRUST certification for compliance and risk controls. Proving how it integrates security into development equates to a competitive advantage for Advantasure, Dalrymple said.
Dalrymple continued, “A lot of companies have marketing and sales information on ‘best practices’ in security, but what does that mean? When I meet with customers, I discuss our secure coding program as part of our overall security strategy, and show them the proof using Veracode Verified and Veracode’s analytics. We can show how many vulnerabilities we’re remediating, how we prioritize high severity flaws, and how we are prescriptive with application security.”
The company is using Veracode in unique ways, including leveraging the platform to scan the code of potential acquisitions to assess the quality of a company’s software and any associated risks before it makes a financial decision.
Advantasure is a healthcare technology and business process services company that improves the performance of health plans and provider organizations in the delivery of government healthcare programs. Through a comprehensive portfolio of products and services, Advantasure enables clients to lower administrative costs, increase reimbursement accuracy and improve the quality of care for their members.