Not long ago, a healthcare organization's main concern was providing the best quality of life for its patients and promoting health awareness. Today, healthcare organizations also have to worry about protecting patient information. Much of it is both identifiable and sensitive, which makes it Protected Health Information (PHI) under HIPAA.
Most healthcare organizations are well connected to the world wide web today, and they collect an immense amount of data about their patients. This data isn’t limited to just medical history. It also contains private information, such as names, addresses, social security numbers, and even bank account details.
All of this is very tempting for hackers and cybercriminals. As a result, healthcare organizations need to make sure that their systems and networks are highly secure. Not only is it the right thing to do, but it is also required by the government in the form of HIPAA regulations.
So, healthcare entities need to ensure that their networks are secured, PHI is protected at rest and in transit, vulnerabilities are identified and managed, and robust access controls are implemented. Testing and monitoring of those networks must be conducted on a periodic basis.
Speaking of monitoring and testing, the HIPAA Security Rule requires a periodic technical and non-technical evaluation of an organization's safeguards. The rule does not set a fixed interval, but annual evaluations are the common practice. These evaluations allow the organization to determine how secure its systems actually are, not just how secure its policies say they should be.
There are various forms of testing, such as vulnerability scanning, penetration testing, and a combination of the two. In this post, we are going to look at penetration testing and why it is a major part of HIPAA compliance.