Total HIPAA to Offer Essential Penetration Testing Services to all Clients
February 8, 2016
Total HIPAA Compliance (THC) (www.TotalHIPAA.com) in cooperation with the Information Technology and Security Services Division of Thomas, Judy and Tucker (TJT), an accounting and professional services firm, is offering penetration testing of clients’ networks.
“The increased number of hacks of health records and the resulting costs make penetration testing an integral part of a comprehensive HIPAA compliance plan,” states Jason Karn, Chief Compliance Officer for THC.
All testing available through Total HIPAA is conducted by white hat hackers carrying the Certified Ethical Hacker (CEH) certification. A white hat hacker is a security expert who conducts penetration testing on systems for which the operators/owners have requested evaluation. A black hat hacker is a malicious computer operator who attempts to gain unauthorized access to a system. These individuals attack websites for political gain, to steal sensitive information for financial gain, or to disrupt services for fun.
If security gaps are discovered during penetration testing, the network can be secured before a black hat hacker breaches your network.
“Penetration tests are an integral part of a full security audit which should be conducted on a regular basis,” explains Drew Green, a Certified Ethical Hacker, Director of TJT Information Technology group, and leader of the penetration testing offered through Total HIPAA.
Total HIPAA penetration testing replicates techniques used by hackers to determine how a system will react to an attack, identify weaknesses, and determine what information can be acquired. Penetration testing is performed from multiple angles: against public-facing servers via the Internet, and against internal systems from within the network. In-depth scans are performed against servers identified in the research process to determine exactly what software is exposed to the outside world. Using a combination of open-source and proprietary hacking tools, attacks are carried out on these systems, attempting to gain unintended access to the servers.
Upon completion of testing, a detailed report is produced which includes a summary of steps taken to infiltrate company systems, missing/ineffective controls, action items to secure the business organized in a timeline based on severity, and technical data to assist with remediation.
Three levels of testing are available.
- Silver – This service is recommended for smaller organizations operating a public website that might include an e-commerce storefront. Testing includes evaluation of the security of the public-facing servers or a remote-access server.
- Gold – Recommended for small- to medium-sized organizations of 10 to 250 employees with internal file and email servers, user workstations, wireless networks, laptops, mobile devices, and network security devices such as routers and firewalls. There may be more than one physical location.
- Platinum – In addition to the network tests covered in Silver and Gold levels, this testing expands the vulnerability assessment and penetration test to include physical controls such as cameras and locks, networked devices such as printers and scanners, and third-party cloud services such as Dropbox and Salesforce. The Platinum level service also includes a Certified Ethical Hacker conducting these services on-site. This addresses the needs of medium to large organizations that require a more in-depth look at their security.
Pricing is available upon request.
ABOUT TOTAL HIPAA COMPLIANCE
Total HIPAA Compliance offers online HIPAA compliance and training for five separate covered industries – medical, dental, health insurance agents/brokers, employer health plans, and Business Associates with access to ePHI. Our staff has extensive regulatory, educational, professional management, technical expertise and health care experience that simplifies the compliance process while affordably keeping you up-to-date with the HIPAA Law. See more at: www.TotalHIPAA.com.
ABOUT THOMAS JUDY AND TUCKER
Since 1990, Thomas, Judy and Tucker, PA, has been creating and sustaining partnerships that deliver professional, reliable results. As a full-service accounting and professional services firm, offering attestation, taxation, outsource accounting, business valuation/litigation support and network security consultation, TJT is equipped to offer timely business, financial and tax services to a variety of clients. www.TJTPA.com