Peace of Mind: HITRUST Penetration Testing


Healthcare providers who collect, store and share personal health information (PHI) often ask about the importance of a HITRUST CSF (Health Information Trust Alliance Common Security Framework) certification. Drummond's answer is always a resounding "it's very important!" because of the acceleration of 21st-century digital transformation, the related increase in cybersecurity risk, and the myriad regulatory requirements that follow. HITRUST certification brings peace of mind to providers and consumers because it demonstrates that PHI is protected and that the organization meets healthcare industry mandates.

The HITRUST CSF is a comprehensive framework that draws from HIPAA, NIST, PCI DSS, ISO 27001 and many state laws, and it aims to provide a uniform, structured process for managing data and systems security and compliance. While its focus is protecting personal data from unauthorized access and theft, the CSF specifically addresses information security by requiring that organizations implement technical controls that validate their security, such as penetration testing, at least annually; for some organizations the required frequency is as often as quarterly.

Pen Tests Validate Vulnerabilities

Penetration tests help an assessment team validate vulnerabilities identified during a security assessment, and they help identify additional at-risk areas within the organization's environment.

Our team of experts follows a phased methodology to assess security controls against real-world attacks:

Planning and Preparation: The entity may provide the penetration tester with full and complete details of the network and applications.

Information Gathering and Reconnaissance: OSINT Framework and proprietary tools are used to gather information about the targets and the target company. This information is analyzed and used to determine potential attack vectors.


Vulnerability Detection: Industry-standard tools such as Nmap, Nessus or Qualys scan for and discover active hosts and open ports within the provided scope; the tester analyzes the scan results to determine potential attack vectors.

Exploitation: Based on the analysis from the information-gathering and vulnerability-detection phases, Drummond's team attempts to exploit vulnerable systems and determines the extent of the systems and data that could be compromised through each vulnerability.

Reporting: A detailed penetration test report is presented. It identifies the most critical network vulnerabilities that need to be addressed, in order of urgency, together with a corresponding plan of action.
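As an added illustration of the vulnerability-detection and reporting phases above (example code written for this page, not Drummond's own tooling), the script below takes an Nmap XML report, drops any host that lies outside the scope agreed during planning, and ranks the remaining hosts by the exposure of their open services so the report can list them in order of urgency. The authorized scope, the sample Nmap XML and the per-port risk weights are all constructed for the example; in an engagement they come from the client's scope letter, the real scan output and the tester's judgment.

```python
"""Triage Nmap XML output against an authorized scope and rank hosts for reporting.

Added example, not Drummond's tooling: the scope networks, the sample XML and
the service-risk weights below are constructed for illustration.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed: the authorized scope the client provided during Planning and Preparation.
AUTHORIZED_SCOPE = ["10.20.0.0/24"]

# Constructed: a trimmed Nmap XML report in the shape written by `nmap -sV -oX`.
# The third host lies outside the authorized scope and must not be touched.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.20.0.0/24">
  <host><status state="up"/>
    <address addr="10.20.0.15" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds" product="Samba" version="3.6.25"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="135"><state state="filtered"/><service name="msrpc"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.20.0.40" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.30.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed weights: how much attention an exposed service typically earns in
# the exploitation phase. Unlisted ports count 1 so every open port still registers.
SERVICE_RISK = {445: 5, 3389: 5, 21: 4, 23: 4, 1433: 4, 3306: 4, 22: 2, 80: 2, 443: 1}


def in_scope(addr, scope=AUTHORIZED_SCOPE):
    """True if addr falls inside one of the authorized networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in scope)


def parse_nmap_xml(xml_text):
    """Return {addr: [(port, service_name, banner), ...]} keeping only open ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not attack surface
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            parts = [svc.get("product"), svc.get("version")] if svc is not None else []
            banner = " ".join(p for p in parts if p)
            open_ports.append((int(port.get("portid")), name, banner))
        hosts[addr_el.get("addr")] = open_ports
    return hosts


def triage(xml_text, scope=AUTHORIZED_SCOPE):
    """Split hosts into in-scope targets ranked by exposure and out-of-scope hosts to exclude."""
    hosts = parse_nmap_xml(xml_text)
    excluded = sorted(a for a in hosts if not in_scope(a, scope))
    ranked = []
    for addr, ports in hosts.items():
        if addr in excluded:
            continue
        score = sum(SERVICE_RISK.get(p, 1) for p, _, _ in ports)
        ranked.append({"addr": addr, "score": score, "ports": sorted(ports)})
    # Highest exposure first; tie-break on address so the report order is stable.
    ranked.sort(key=lambda h: (-h["score"], ipaddress.ip_address(h["addr"])))
    return ranked, excluded


if __name__ == "__main__":
    targets, skipped = triage(SAMPLE_NMAP_XML)
    print("Out of scope (do not test):", ", ".join(skipped) or "none")
    for rank, h in enumerate(targets, 1):
        print(f"{rank}. {h['addr']} exposure={h['score']}")
        for port, name, banner in h["ports"]:
            print(f"     tcp/{port} {name} {banner}".rstrip())
```

The scope check runs before any ranking on purpose: a host that answered a scan but is not in the client's authorization is reported as excluded, never passed on to the exploitation phase.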

The Drummond Difference: Experience and Integrity

Hiring the most knowledgeable assessors is vital, as all phases of a successful HITRUST certification and the related penetration testing depend on experience and integrity. The Drummond difference is about helping your organization prepare at all levels to achieve compliance with regulatory information security mandates. Test critical business applications for standards conformance and interoperability. Increase trust, gain expertise and experience our proven methodologies and attention to detail as we partner with you for your long-term success.

Since 1999, Drummond has delivered personalized services proven to strengthen your security posture, along with a comprehensive suite of services to help you achieve compliance with complex regulatory information security mandates, including HITRUST, HIPAA, PCI, SOC, ISO 27001, NIST and GDPR. Our highly skilled experts are ready to collaborate with you and your team.

Contact us Today!

Drummond is here for you

Contact us at [email protected]