ETHICAL HACKING & PENETRATION TESTING
Routine identification of security vulnerabilities is a fundamental component of a robust, layered security program designed to reduce the risks resulting from exploitation of both technical and process-related vulnerabilities.
MEDITOLOGY OFFERS A FULL SUITE OF VULNERABILITY SCANNING AND ID SERVICES INCLUDING:
Managed Vulnerability Scanning
Meditology offers a managed service for conducting, reporting, and analyzing vulnerability scans for healthcare entities. Our team uses commercial vulnerability scanning tools and remotely conducts a combination of internal network scanning, external network scanning, and specialized device scanning (e.g. IoT and Medical devices). We provide monthly reviews of results and reports including analysis from our highly specialized ethical hacking and penetration testing experts.
PCI-ASV Quarterly Scanning
Meditology is a PCI-DSS Approved Scanning Vendor (ASV) and provides quarterly external scans to satisfy PCI-DSS requirements. Our PCI certified team uses commercial vulnerability scanning tools that are approved by the PCI SSC to conduct external scans. Meditology is also a PCI-DSS Qualified Security Assessor and offers a full range of PCI services dedicated to the healthcare industry.
Medical Device Security Vulnerability Identification
Improperly secured medical devices can impact patient safety and expose organizations to cybersecurity breach risks and regulatory compliance gaps. Meditology’s Medical Device Vulnerability Identification Service assesses security risk and vulnerabilities for medical devices in a safe and effective manner. The vulnerability identification process deploys an experienced team of assessors that provide insight to the vulnerabilities of the medical devices and hardware you purchase before putting your network and patients at risk. We offer both passive and active scanning options. Contact us to learn more about our medical device vulnerability identification approach and options.
WHAT SETS MEDITOLOGY APART
- Decades of experience hacking healthcare organizations
- Safe testing methods to protect patient safety
- Identify vulnerabilities common to the healthcare industry
- Findings mapped for compliance with HIPAA, HITECH, PCI-DSS, & NIST
- Aligned with industry standards like MITRE, OWASP, and OSSTMM
- Advisors to ONC / HHS on ethical hacking
- Comprehensive testing and reporting:
- Multiple avenues of attack and entry
- Manual testing from our highly specialized and certified team
- Robust reporting with tech detail and terminology the business can understand