Your website, web applications, APIs, and mobile platforms are on the front lines of security attacks from Internet-based attackers.

Meditology's certified penetration testing team has decades of experience performing web application security testing to identify technical and logical security weaknesses for healthcare technology devices and platforms.


Application Security Testing

Web Application Security

Meditology’s web application security testing includes a deep dive analysis of potential security weaknesses of your website and web applications that could allow an attacker unauthorized access to the network or sensitive information. We have extensive experience testing cloud hosted and locally hosted web applications to identify and fix security weaknesses in time to prevent irreparable breach events.

Application Security Testing

API & FHIR Testing

The 21st Century Cures Act has led to the development of Application Programming Interfaces (APIs) to connect EHR platforms with third-party apps and platforms. The new APIs leverage the FHIR development standard. Meditology’s penetration testing services for APIs are designed to identify security exposures that could lead to a material security breach of your systems.

Application Security Testing

Mobile Application Testing

The digital health renaissance has led to the movement of PHI and other sensitive information to staggering volume of new and innovative mobile technologies. Our mobile application testing services provide a thorough technical assessment of your mobile applications to identify potential security vulnerabilities or misconfigurations that could lead to a material breach of your critical systems and regulated patient information.

Application Security Testing

Dynamic and Static Code Analysis

Our static code analysis provides an offline security review of source code for your key applications to identify and remediate security exposures before they get deployed in production environments. Our team uses industry standard commercial static code analysis tools to facilitate our testing and analysis.

Application Security Testing

Desktop Application Security Assessments

Meditology’s desktop application assessment service is designed to identify security weaknesses, vulnerabilities, and misconfigurations in desktop-hosted apps that could lead to a breach of your systems and sensitive information.


  • Decades of experience hacking healthcare organizations
  • Safe testing methods to protect patient safety
  • Identify vulnerabilities common to the healthcare industry
  • Findings mapped for compliance with HIPAA, HITECH, PCI-DSS, & NIST
  • Aligned with industry standards like MITRE, OWASP, and OSSTMM
  • Advisors to ONC / HHS on ethical hacking
  • Comprehensive testing and reporting:
    • Multiple avenues of attack and entry
    • Manual testing from our highly specialized and certified team
    • Robust reporting with tech detail and terminology the business can understand