Protecting the privacy & security of your patient’s health information.

Meditology Services Identifies the Top 10 Hacking Exposure Areas for Healthcare IT Systems

ATLANTA – January 19, 2016 – (PRWeb) Meditology Services LLC, a professional services company specializing in IT solutions for healthcare organizations, today announced new research based on a two-year study from 2013-2015. As a follow-up to this research endeavor, Meditology has released a white paper focused on ethical hacking, also known as penetration testing, and why it is a very effective way to test the security of healthcare information systems. The paper, “Hacking Healthcare: Real-world Healthcare Security Exposures from Penetration Tests,” drives an increased awareness of the need for the healthcare industry to harden systems against both external and internal threats. The paper also helps healthcare organizations understand how to take a proactive security stance based on the concepts, methodology, approaches, and a description of various real-world penetration testing and related results.

According to the Ponemon Institute, criminal attacks on healthcare organizations have increased 100 percent since 2010 and represent the highest per-record cost to companies across industries.

“Medical data and medical identity theft can be a very lucrative market, and, on the whole, healthcare organizations are less prepared, making it an attractive venture for hackers,” said Brian Selfridge, partner for the security and privacy practice at Meditology. “While healthcare providers and payers are increasingly investing in security tools and processes, ethical hacking is an essential security test to determine whether these tools are working as designed.”

Anatomy of a Penetration Test

Depending on the organization’s size and complexity, thorough penetration testing can take weeks to carry out and involves reconnaissance, surveying, testing and reporting to produce a final analysis across exposure areas. The paper outlines the top 10 hacking exposure areas based on the results of testing, including physical security, phishing, medical devices, passwords and more. Both internal and external tests must be considered to address the full range of attack vectors.

“Hackers have expanded focus from technical vulnerabilities in public-facing applications and networks to sophisticated social engineering and phishing attacks that psychologically manipulate people into divulging information,” Selfridge continues. “Medical devices also present an increasingly popular access point as they are configurable and interconnected.”

Regular penetration testing is essential for organizations to identify weaknesses and gain the support they need to prevent data breaches. Domain expertise in the healthcare industry should be a top requirement when engaging a security firm to conduct penetration testing, as patient safety, unique application issues, and specific regulatory requirements create a complex landscape that is different from other industries.

The complete paper can be downloaded at

A webcast, “Hacking Healthcare - Real World Healthcare Security Exposures from Penetration Tests,” will be held Wednesday, February 3, 2016, at 1:00 EST. For more information and registration, please see

About Meditology

Meditology Services is a leading professional services company with an exclusive focus on the healthcare industry and a core competency in IT security. Meditology's success stems from the deep and extensive expertise of its leadership team, representing a mix of Big Four consulting and healthcare security operational experience. Clients include many of the nation’s largest healthcare providers and payer organizations. Visit Meditology at or follow us on Twitter (@Meditology) and LinkedIn.