Health Information Management

Perform vulnerability assessment before conducting penetration testing

HIM-HIPAA Insider, January 19, 2015


While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver.


Hackers looking to gain access to an organization's data have moderate- to high-level knowledge of how systems and networks operate and can often easily exploit weaknesses, says John Askew, senior security analyst for SDGblue in Lexington, Kentucky.

"We recommend that organizations have regular vulnerability assessments in addition to their risk analysis," Askew says.

It's not enough for organizations to know what is in place to protect their systems; they must also be aware of how safeguards operate and whether they are functioning correctly. For example, simply knowing a firewall is installed is insufficient—privacy and security officers must also be familiar with how the firewall is configured and whether it adequately protects their organization, Askew says.

Continue reading "Perform vulnerability assessment before conducting penetration testing" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the January issue.

