Peace of Mind: HITRUST Penetration Testing

Healthcare providers who collect, store and share personal health information (PHI) often ask about the importance of a HITRUST CSF (Health Information Trust Alliance Common Security Framework) certification. Drummond's answer is always going to be a resounding "it's very important!" because of the acceleration of 21st-century digital transformation, the related increase in cybersecurity risk and the myriad regulatory requirements that come with it.

HITRUST certification brings peace of mind to providers and consumers because it protects PHI and ensures organizations remain compliant with healthcare industry mandates. It is a comprehensive framework that draws from HIPAA, NIST, PCI DSS, ISO 27001 and many state laws, and it aims to provide a uniform, structured process for managing data and systems security and compliance. While its focus is protecting personal data from unauthorized access and theft, the HITRUST CSF specifically addresses information security by requiring that organizations implement technical controls that help validate security, such as penetration testing, at least annually, noting that the frequency could be as often as quarterly.

Pen Tests Validate Vulnerabilities

Penetration tests can help an assessment team validate vulnerabilities identified during a security assessment, and can also identify additional at-risk areas within the organization's environment. Our team of experts follows a phased methodology to assess security controls against real-world attacks:

Planning and Preparation: The entity may provide the penetration tester with full and complete details of the network and applications.

Information Gathering and Reconnaissance: OSINT Framework and proprietary tools are used to gather information about the targets and the target company. This information is analyzed and used to determine potential attack vectors.