
ETHICAL HACKING & PENETRATION TESTING
Healthcare environments are a sought-after target for malicious hackers due to the high black-market value of health information.
Meditology’s certified ethical hackers and penetration testers will uncover vulnerabilities and misconfigurations that could potentially allow ransomware and hackers access to your critical information and systems.
Our deep understanding of healthcare environments allows us to conduct testing in a safe and effective manner to protect patient safety.
Our healthcare experience allows us to map technical testing results back to HIPAA, HITRUST, PCI-DSS, and NIST frameworks and requirements.
Meditology has extensive experience performing technical testing for large-scale health insurance companies, Business Associates, and leading healthcare providers across the country. We have also served as advisors to ONC/HHS on ethical hacking and medical device security.
ETHICAL HACKING & PENETRATION TESTING SERVICES
Many health care organizations hire third-party firms to provide ethical hacking services. This stems from a shortage of qualified ethical hackers, along with a desire for an independent review of access controls.
While many vendors offer ethical hacking testing services, the quality and types of services vary. Use the following tips to help identify the right security partner for your penetration testing needs:
The Vendor
Does the vendor have experience conducting penetration testing? Is health care the primary focus? What are the vendor’s qualifications in the industry? Is the vendor familiar with health care environments and their unique issues, health care applications, and medical equipment? Ask the vendor for references from healthcare organizations.
Regulatory Landscape
How well does the vendor know the health care regulatory landscape (e.g., HITRUST, NIST, SOC 2, HIPAA, HITECH, Omnibus, and PCI)?
Comprehensive Test
Does the vendor conduct a comprehensive test that includes many types of scenarios?
Testing and Assessments
Is the vendor only conducting a vulnerability scanning assessment? A penetration test consists of more than just identifying vulnerabilities. A thorough test also involves exploiting the vulnerabilities and manually testing for security holes that an automated tool might not be able to discover.
Security Weaknesses
Does the vendor try to gain access as well as identify an organization’s security weaknesses through the penetration tests?
Staff and Testing Methodologies
Is the vendor’s staff professional, and do they know how to communicate the technical results through reporting and presentation to senior leadership and other non-technical stakeholders? Does the vendor have proven, tested tools and testing methodologies?
Minimize Impact
Does the vendor know how to minimize the potential for impacting patient safety and critical systems, including common health care applications, during vulnerability scanning activities?
Recommendations
Does the vendor provide clear, prescriptive, and tailored recommendations and offer advice to help an organization address and correct the weaknesses discovered during the testing?

WHAT SETS MEDITOLOGY APART
- Ranked #1 Best in KLAS for Cybersecurity Advisory Services in 2019 and 2020
- HIPAA expert witness firm for OCR
- Experienced CISOs and Privacy Officers
- Dedicated to healthcare
- Hundreds of clients coast to coast
- Advisors to ONC / HHS