Scurit provides a wide range of security solutions to help you maintain your HIPAA security compliance. The healthcare industry is becoming a main target because of the price that an attacker is able to get on the black market for PHI. The average price per record has been shown to be approximately $200.00+, and the cost to remediate a healthcare breach can be 300.00+.
HIPAA does not require technical testing, but it does require a risk analysis, which requires covered entities to test security controls. The only real way to determine whether the technical controls mandated by HIPAA and outlined by your policies and procedures are appropriately implemented is to perform technical evaluations, which should include a thorough vulnerability assessment and penetration testing.
HIPAA Security Rule Risk Analysis
“Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.”
This applies not only to you but also to your business associates and their business associates: basically anyone you use that touches your PHI data. Have you verified that your vendors are secure? Do you periodically review their security policies? Do they do regular audits of their controls? These are all questions you should be asking.
A vulnerability assessment is a crucial building block for penetration testing. It can help you determine your current HIPAA security posture. We will scan your network and public-facing web applications for potential vulnerabilities and report any findings to you in an easy-to-read format. Vulnerability assessments should be conducted periodically to make sure your security posture remains strong. We typically recommend that you have this done monthly or quarterly, depending on the size of your application and network. A vulnerability assessment is similar to a burglar sneaking around a house checking doors and windows to see if there’s an easy way in.
Penetration testing takes the vulnerability assessment data and goes a step further. The burglar found an open door – uh oh! Now he’s going to use it to break in. Our certified security professionals will actually attempt to break into your application and/or network and verify weaknesses in your systems. You can do just an application penetration test or a full network penetration test (which will also include any public-facing applications).
HIPAA Security & Privacy compliance software as a service
Available soon (early to mid 2017). Sign up here if you would like to be notified when we start offering this service.
Not sure what you need or what to do? We can provide general HIPAA security consulting to help you increase and maintain a solid security posture. We can assist with:
- HIPAA Privacy & Security gap analysis
- Risk analysis
- Penetration testing
- Vulnerability Assessments
- Information Risk Assessments
- Policy & Procedure development
- Server & workstation security
- Web application security
- Employee awareness training
- Incident response management
- Contingency & Disaster recovery plan development
- Ongoing security audits
- Breach notification activities
- Ongoing network and systems security monitoring
- Selecting appropriate vendors
- Code reviews and testing for applications that you have had custom built for your business
Contact us for details on how we can help you improve your HIPAA Security today.