Healthcare Information Technology

Become EPCS Certified

Certify your EHR or ePrescribing Application as Electronic Prescriptions for Controlled Substances.

Determine If Your Healthcare Security Product Is Ready for HHS Breach Safe Harbor Certification

Use our free SecureEHR Online Product Profile to assess whether your Healthcare product qualifies for HHS Safe Harbor from Breach Reporting.

Understand InfoGard's EHR Certification Process

Use InfoGard's ONC-ATCB Process for decrypting technical language and guiding you through the procedures for becoming EHR certified.

Feature

Penetration Testing Services for Healthcare

Special Offer

Receive a free copy of our “Planning & Managing Penetration Testing” CD by filling out our interest form.

As the Healthcare industry rapidly deploys Information Technologies (IT) to increase the use of Electronic Health Record (EHR) software, data security has increasingly become a prime concern. Numerous, highly publicized data breaches have shown that Healthcare providers using IT systems that do not conform to Security best practices put their organizations and their patients' privacy at great risk.

Penetration Testing is a method of assessing the Security and Configuration of IT systems. Best-practice standards and guidance direct organizations to conduct regular Penetration Testing. The Payment Card Industry (PCI) Data Security Standard (DSS), for example, requires that Penetration Testing be conducted on a yearly basis and whenever significant infrastructure or application changes are made. This requirement conforms with best practice guidelines published by the federal government.

Whether Penetration Testing is conducted by a Third Party provider or internal IT resources, the major challenge is to establish safe testing practices that promote consistency, provide accurate information, support remediation, and satisfy regulatory requirements. Without such benchmarks, variations will occur in the scope of testing and the detail of reporting, in the quality of service and adherence to professional standards, and in the technical competency of the Testers, resulting in reporting that will not be actionable or comparable from test to test.

In addition, Penetration Testing can include aggressive techniques that can result in system damage, disclosure of electronic Protected Health Information (e-PHI data), and business disruption. To avoid these problems, it is critical that appropriate rules of engagement be established and followed, along with Penetration Testing processes based on defined practices and procedures.

InfoGard can help Healthcare providers achieve the benefits of Penetration Testing while avoiding the risks. We work with Healthcare providers to establish Penetration Testing programs that provide safe, consistent, thorough, actionable results regardless of whether the testing is conducted by third parties or internal personnel. We also make sure that Healthcare providers know how to limit the scope and methods of Penetration Testing to avoid business impacts, system damage, and data loss.

InfoGard has nearly 20 years of experience developing and conducting IT Security Evaluation programs.

  • Our expertise in Penetration Testing allowed us to take the lead role in the creation of the American National Standards Institute (ANSI) X9.111 Penetration Testing Standard, which InfoGard proposed and authored as part of our work within the Accredited Standards Committee (ASC) X9F4 Working Group.
  • Our related work also includes the Validation Testing of Approved Scan Vendors (ASVs) on behalf of the PCI.
  • We are accredited by the federal government to conduct multiple IT Security Evaluations.
  • Our work in the Healthcare industry includes the testing and certification of EHR systems as a U.S. Department of Health and Human Services (HHS) Office of the National Coordinator Authorized Testing and Certification Body (ONC-ATCB).

To learn more about how we can assist your organization, please call us at: 805.783.0810 or use our Contact Form.