Patient data is the highest-value record on the dark web — and healthcare is the second-most-attacked sector globally. Our engagements are scoped against HIPAA, NHS DSPT, GDPR Article 9 (special category data), and the realities of HL7 / FHIR integration.
Ransomware operators have specifically targeted healthcare since the pandemic. The combination of high-value patient data, integrated medical devices, legacy clinical systems that can’t be patched without downtime, and a workforce that prioritises patient care over IT hygiene makes healthcare uniquely vulnerable. Our engagements are designed around safe testing of clinical environments.
Electronic health record platforms (Epic, Cerner, custom) are tested against the full OWASP Top 10 plus healthcare-specific concerns: cross-patient data leakage via IDOR, role-based access control across clinician/admin/patient portals, audit trail integrity (HIPAA § 164.312(b)).
FHIR is now the standard for health data interoperability. We test SMART-on-FHIR OAuth flows, FHIR API authorization (BOLA via Patient/{id}/Observation), bulk data export endpoints, and the consent model implementation.
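As an added illustration of the cross-patient (IDOR/BOLA) checks named in the EHR and FHIR items above, here is a server-side authorization check that binds every FHIR read to the SMART launch-context patient. This is example code, not the firm's or any FHIR server's; the patient ids, Observation ids and the in-memory store are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample store: Observation id -> its subject reference (the patient it belongs to).
OBSERVATIONS = {"obs-1": "Patient/p-100", "obs-2": "Patient/p-200"}

@dataclass
class TokenContext:
    scopes: set      # SMART scopes granted, e.g. {"patient/Observation.read"}
    patient: str     # SMART launch context: the single patient this token is bound to

def requested_compartment(path, query, store=OBSERVATIONS):
    """Return (resource_type, patient_id) that a FHIR read or search touches, or None when
    the request names no patient compartment (the server must then deny, not guess)."""
    m = re.fullmatch(r"/Patient/([\w-]+)(?:/(\w+))?", path)
    if m:  # /Patient/{id} or compartment search /Patient/{id}/Observation
        return (m.group(2) or "Patient", m.group(1))
    m = re.fullmatch(r"/(\w+)/([\w-]+)", path)
    if m:  # direct read such as /Observation/obs-1: resolve the stored subject, never trust the URL alone
        subj = store.get(m.group(2)) if m.group(1) == "Observation" else None
        return (m.group(1), subj.split("/")[1]) if subj else None
    m = re.fullmatch(r"/(\w+)", path)
    if m:  # type-level search such as /Observation?patient=p-100 or ?subject=Patient/p-100
        ref = query.get("patient") or query.get("subject")
        return (m.group(1), ref.split("/")[-1]) if ref else None
    return None

def scope_allows_read(scopes, rtype):
    # SMART v1 uses patient/<Type>.read, SMART v2 uses patient/<Type>.rs; wildcard also accepted.
    return any(s in scopes for s in (f"patient/{rtype}.read", f"patient/{rtype}.rs",
                                     "patient/*.read", "patient/*.rs"))

def authorize_read(token, path, query):
    """Deny unless the request stays inside the token's patient compartment AND scope."""
    comp = requested_compartment(path, query)
    if comp is None:
        return False, "no patient compartment on request"
    rtype, pid = comp
    if pid != token.patient:
        return False, f"compartment {pid} != token patient {token.patient}"
    if not scope_allows_read(token.scopes, rtype):
        return False, f"scope missing for {rtype}"
    return True, "ok"
```

A cross-patient read such as `/Patient/p-200/Observation` with a token issued for `p-100` is refused before any data is fetched, which is the behaviour a BOLA test against `Patient/{id}/Observation` should observe.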
Where the engagement scope includes IoMT (Internet of Medical Things) integrations — infusion pumps, imaging systems, monitor gateways — we test the network and protocol surface with non-destructive payloads only.
De-identified data lakes used for analytics still contain PHI risk through re-identification. We audit cloud configurations against HIPAA-aligned baselines, with special attention to S3/Blob storage, KMS key management, and audit log coverage.
We never run destructive payloads against production clinical systems. Standard precautions include:
Confidential 30-minute call with healthcare security leads. Proposal mapped to HIPAA / NHS DSPT requirements.