In recent posts we have talked about the damage currently being caused by healthcare data breaches and how ethical hacking shows areas of weakness in a network. In this post, we talk about how ethical hacking works.
Roughly one in 10 people in the U.S. have had their medical records exposed to some sort of security threat (Politico, 7/2014). According to a report by Cyveillance, more than half of all malicious attacks delivered via the Web go undetected by anti-virus software. This is costing organizations millions of dollars in business loss; with the most damaging attacks taking the form of viruses, unauthorized access, and theft of proprietary information.
Statistics like those above are why ethical hacking is so important. Healthcare organizations need to identify their vulnerabilities before they become a million-dollar problem.
How Our Ethical Hacking Works
At HealthPOINT Security Services we utilize industry standards and best practices for testing the security of an organization. Depending on the organization’s specific needs, we can test Web-facing applications or network infrastructure. We use best-in-technology tools and processes to test network devices such as firewalls, routers, switches, servers, workstations, and printers.
Our hacking a.k.a network penetration testing is performed by a dedicated team consisting of highly-skilled, focused and experienced security consultants who are very familiar with current attack methods and techniques used to exploit systems, network, web applications, and modern vulnerabilities. We test for over 45,000+ known vulnerabilities, logic flow problems, and other risks.
Not all vulnerabilities fall under the category of a specific published vulnerability so we also employ a customized oracle of manual tests that are used to check for vulnerabilities not commonly found with typical testing methods.
Penetration tests are conducted as safely and thoroughly as possible. We realize that security is very important and thus, use specific protocols, procedures, and standards to ensure the best possible experience for our valued clients.
The result is intended to be an overall assessment of the organization’s network, and those systems and subnets that fall within the scope of the project. The findings are provided in Executive Summary and Detailed Findings reports reflecting the conditions found during the test.
Our director Dan Friedrich says, “Having a penetration test performed by a reputable firm can do more for a CIO’s ability to sleep than all the policies in the world. It proves how well you have implemented policy, everything you have done up to that point is ‘good intention’.”
Check back next week as we start to dig even deeper into the phases of an ethical hacking project execution.
If you are interested in more information on how network testing might benefit your specific organization, sign up for a free consultation with us today.