Penetration testing is an integral part of your compliance plan. Although it is not required for HIPAA compliance, the increasing number of health care record breaches and the resulting costs make penetration testing a valuable necessity.

Total HIPAA penetration testing replicates the techniques used by attackers to determine how a system will react to an attack, identify weaknesses, and determine what information can be acquired. Penetration testing is performed from multiple angles: against public-facing servers via the Internet, and against internal systems from within the network. In-depth scans are performed against the servers identified in the research process to determine exactly what software is exposed to the outside world. Using a combination of open-source and proprietary tools, attacks are carried out on these systems in an attempt to gain unintended access to the servers.
Upon completion of testing, a detailed report is produced which includes a summary of the steps taken to infiltrate company systems, missing or ineffective controls, action items to secure the business organized in a timeline based on severity, and technical data to assist with
We offer three levels of testing:
Silver – This service is recommended for smaller organizations operating a public website that might include an e-commerce storefront. Testing includes an evaluation of the security of the public-facing servers or a remote-access server.

Gold – Recommended for small- to medium-sized organizations of 10 to 250 employees with internal file and email servers, user workstations, wireless networks, laptops, mobile devices, and network security devices such as routers and firewalls. There may be more than one physical location.

Platinum – In addition to the network tests covered in the Silver and Gold levels, this testing expands the vulnerability assessment and penetration test to include physical controls such as cameras and locks, networked devices such as printers and scanners, and third-party cloud services such as Dropbox and Salesforce. The Platinum level service also includes a Certified Ethical Hacker conducting these services on-site. This addresses the needs of medium to large organizations that require a more in-depth look at their security.