Earlier this year, a nonprofit health system headquartered in Phoenix, Arizona, paid $1.2 million to resolve a hacking HIPAA breach which disclosed the protected health information of 2.81 million consumers.
With the Phoenix case, the HIPAA violations specifically included “the lack of an analysis to determine risks and vulnerabilities to health information.”
Protecting your assets and reputation from cyberattacks in today’s climate is an ongoing endeavor, and one HIPAA cybersecurity breach could result in ransom, litigation, penalties…even collapse.
Critical to your protection is analyzing your cybersecurity’s strength with a “pen test,” (aka penetration test). This exercise is extremely popular among BlueOrange customers —a BlueOrange expert (Offensive Security Certified Professional) looks for gaps in the network you are working to protect. It’s a great way to identify potential areas needing attention to shore up your security measures.
It’s not just a cookie-cutter scan. An expert searches for weaknesses within the network, attempting to ethically pierce through gaps in the system. It’s a real-life test that validates MSP/vendor controls and shines a light on any potential holes, including:
- A document on an accessible file share with usernames and passwords
- Weak password settings with easy-to-guess passwords
- A misconfigured service that is exposed to the internet that can be exploited making it possible to gain access
- Users that engage with phishing attempts and what information they disclose
If you don’t know where the gaps are, you can’t fix them. The certified specialist identifies how hackers can access information and recommends action steps to block real hackers from penetrating your environment. Taking these action steps helps you avoid:
- Ransom incidents
- Hefty HIPAA cybersecurity fines
- Expensive civil litigation for cybersecurity negligence
- Business disruption, for weeks, even months
A pen test is also a “recognized security practice” with HIPAA, which can reduce fines/penalties in the event of a breach. For more information on pen tests or other cybersecurity tools, please contact us today!