Redox Launches Public Bug Bounty Program With Bugcrowd to Help Keep Health Data Secure

One of the First Health IT Companies to Add Crowdsourced Security as Part of its Cybersecurity Strategy

Madison, WI—June 18, 2019

Redox, the company that is changing the way healthcare vendors and providers share data, today announced the launch of a public bug bounty program with Bugcrowd to help ensure the security of its customers’ health data. As one of the first health IT companies to adopt a crowdsourced security approach, Redox is offering monetary rewards to trusted hackers to identify security vulnerabilities in its technology platform.

“The Redox healthcare integration platform is built on the promise that organizations can securely and efficiently exchange data,” said Ben Waugh, chief security officer, Redox. “Crowdsourced security is a valuable part of our security strategy. Due to our highly segregated environment, we have been able to set up this bug bounty program with Bugcrowd to do testing in a safe way, ensuring we are keeping customer data safe, while also gaining contextual intelligence on potential security vulnerabilities.”

Redox is at the forefront of a tsunami of digital health data connectivity, providing a cloud network that simplifies how healthcare organizations exchange data. With one connection to Redox, organizations eliminate a fragmented, inconsistent mess of data formats and APIs that slow digital transformation.

While APIs can improve value in healthcare, there are also legitimate security issues with exchanging health data. The healthcare industry has been a prime target for hackers as personal health information (PHI) is among the most valuable commodities on the dark web. In addition, API abuse is predicted to be the single largest attack vector by 2022.

At the same time, industry regulations such as HIPAA can make adopting new security practices like bug bounty programs more challenging. Redox overcame this by building its platform so that different types of accounts are isolated into their own infrastructure, so security researchers can still do their testing in a meaningful way while significantly reducing the risk of being exposed to PHI.

“We ran a private bug bounty program for the past year, which paid out over $5,000 in bounties for around 30 low impact vulnerabilities,” Waugh said. “Due to the program’s success, Redox is introducing the public program earlier than expected and increasing the reward program to be one of the most competitive in our industry.”

Under the public program, Redox will now pay up to $10,000 per critical flaw, particularly those which are unique and demonstrate that the researcher has spent the time to understand the Redox technology platform to identify a vulnerability that could significantly impact customers.

“As the healthcare industry continues to move into the digital age, each new technology that provides value to patients, organizations, and caregivers also brings with it unique cybersecurity risks,” said Ashish Gupta, CEO at Bugcrowd. “Through our crowdsourced security approach, Bugcrowd gives healthcare IT teams more time to focus efforts on big-picture compliance and protection strategies. We’re thrilled to be working with Redox, extending the power of their security team and paving the way for other health IT companies to adopt next-generation security testing practices.”

For more information on the bug bounty program and how healthcare technology companies can adopt such programs safely, join Ben Waugh, Redox CSO, and David Baker, Bugcrowd CSO, in a live webinar titled “Building an Effective Crowdsourced Security Program in Healthcare,” on July 11 at 11 a.m. PT / 2 p.m. ET. Learn more and register to view

About Redox

Redox accelerates the development and distribution of healthcare software solutions with a full-service integration platform to securely and efficiently exchange data. Healthcare delivery organizations and technology vendors connect once and authorize the data they send and receive across the most extensive interoperable network in healthcare. Redox exists to make healthcare data useful and every patient experience a little bit better.

Learn how you can leverage the Redox platform.

About Bugcrowd

Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, and Next Gen Pen Test programs. Bugcrowd’s award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures, and Triangle Peak Partners.

Learn more at


Davida Dinerman
Director, Look Left Marketing (for Redox)