Ask the Expert: Penetration Testing

by Sarah Harvey / May 17th, 2021

Penetration Testing for HIPAA Compliance

Penetration testing is a critical line of defense when protecting your organizationā€™s sensitive assets – especially Electronic Protected Health Information (ePHI). Penetration testing is the process of performing authorized security testing of an environment to identify and exploit weaknesses associated with the targeted systems, networks, and applications before those weaknesses can be exploited by a real attacker. When performed in support of HIPAA compliance, the goal is to identify issues that could result in unauthorized access to ePHI.

In this webinar, KirkpatrickPrice’s Lead Penetration Tester answers your questions about penetration testing, including:

  • What is the difference between penetration testing and vulnerability scanning?
  • Should penetration testing include a human element or can it be done using tools alone?
  • Do I have to hire a third party to perform penetration testing?
  • How often should I have penetration testing done when preparing for a HIPAA assessment?
  • Should I retest after remediation?  Should that be included from the firm I work with?
  • How do I know which level of penetration testing is right for me?  What are the options?
  • How do you choose targets in large IP address spaces?
  • What is the difference between web application penetration testing and network penetration testing?
  • Does penetration testing include API testing?
  • How do you balance applying automated tools to the target vs something manual to the target, like someone at a laptop?
  • As the IT landscape continuously grows, how do you ensure that you get the correct skills on a penetration test, since no one knows everything?
  • How does KirkpatrickPrice price penetration testing engagements?

More Penetration Testing for HIPAA Compliance Resources HIPAA Security Rule for Professionals

164.308(a)(8) Standard: Evaluation

NIST SP800-66 ā€“ (HIPAA Implementation Guidance)

National Institute of Standards and Technology (NIST) SP800-115

Open Source Security Testing Methodology Manual (OSSTMM)

Open Web Application Security Project (OWASP)

Penetration Testing Execution Standard (PTES)

Penetration Testing Framework