The Exploit

Notes from the Front Lines of Penetration Testing

Why We Always Harp on Healthcare


Over the years, we’ve posted several times about the need for pentesting and a focus on security in the healthcare industry. Healthcare security may start with HIPAA regulations, but, in the end, it all comes down to protecting patients and the healthcare workers – from doctors to nurses to insurance offices, administrative staff, and everyone else who gives their all so that you and your family members are safe to focus on healing.

Getting Better, But There’s More to Do

Years ago, when I was still on the pentest team at Raxis, I recall walking through hospital patient floors during physical social engineering engagements. I’d put on the scrubs that I bought at Walmart, and even though they often didn’t match the scrubs the other nurses and doctors wore, I never got stopped while wearing them.

I took papers off printers (to photograph for my report and return) and sat down at computer workstations to learn the software available since the systems weren’t locked. I walked through all levels of the hospital that were in scope for the test, using elevators and stairwells without finding a locked door and without being questioned.

In this short video, Raxis CEO Mark Puckett speaks about healthcare pentests he’s performed in the past and how the vulnerabilities we find concern us all.

More recently, we’ve found hospitals more likely to automatically lock workstations, but with the shortage of healthcare workers and no short supply of emergency situations, we want to give the healthcare industry every possible advantage to stay secure.

STILL MORE TO DO

Just as hackers are constantly changing and discovering new ways to attack, Raxis also changes in order to keep our customers secure in this ever-changing environment. We offer several options for the healthcare industry, and we created our newest option, PTaaS (Penetration Testing as a Service), in order to help our customers who have their eye on the strongest security possible today.


Bonnie Smyre
