Medical Home Network – Penetration Testing
Timeline
Winter – Fall 2022
Our Role
Technical Assistance for the Win Upgrade
Tools Used
Windows 10, Windows 7, Microsoft
End Points:
100
Project Overview
Medical Home Network
Medical Home Network (MHN) is a not-for-profit collaborative that has fundamentally changed how care is delivered. Their proven model of care unites provider communities and diverse healthcare entities around a common goal: to redesign healthcare delivery and transform the way care is managed at the practice level.
The Challenge
Medical Home Network works in the healthcare domain which means it has access to data such as social security numbers, medical records and so on which is personal to the patient. So they requested to get a penetration testing done to test their network to make sure they are secure from cyber attackAs and also they are compliant with the Health Insurance Portability and Accountability Act(HIPAA) security rule.
The challenge here was to make sure we have the VMWare setup correctly so that we can conduct the next steps which includes gathering network details and conducting the required tests and getting the final report. We do not manage the client’s network so we need to make sure we have the correct information from the client and their managed service provider which was also needed to be achieved to make sure the test is successful.
Our Solution
To start off with the process, the scope of work was created which fulfilled the client requirements. Virtualization host was ordered and the Virtual Machine was setup where the tests will be carried out.
User and network details were gathered so that the penetration testing module can be setup according to that. The information was verified on the module and the required tests were run on the client’s network as per the approved schedule from the client.
The test results were analyzed and the report was sent to the client and all information which we had was deleted as it is sensitive data with regards to the client’s network which we did not want to keep.
The Results
The client is compliant with the HIPAA security rule which they need to be compliant with. The client was made aware of the current state of the network and they were satisfied with the current setup.
The client was not a partner with us but with the work was done in the correct manner which will help the client to depend on AKA Comp Solutions for any future projects or even managing their IT Infrastructure.