• Close

    Keep patients' medical information safe from loss or theft

    The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of personal health information (PHI). Any healthcare organization that stores, processes, or transmits PHI must be compliant with HIPAA requirements, including any business associates that perform functions or provide services on their behalf.

    The HIPAA Security Rule lists a set of security standards with implementation requirements designed to safeguard PHI in electronic form (ePHI). These standards are grouped into five categories: administrative safeguards, physical safeguards, technical safeguards, organizational requirements, and policies and procedures.

    Criminal attacks on healthcare organizations are up 125% compared to 5 years ago.
    Ponemon Institute, May 2015


    Know your network and identify weak points

    Know your network and identify weak points

    Use Nexpose to conduct a thorough assessment of risks across vulnerabilities, configurations, and controls, and prioritize risks for remediation based on threat exposure and business impact. Automatically audit your systems for compliance with secure configurations, password policies, and access control requirements.

    Test effectiveness of your security controls

    Test effectiveness of your security controls

    Simulate real-world attacks against your defences and evaluate the effectiveness of security measures at protecting ePHI with Metasploit. Closed-loop integration with Nexpose enables you to validate the exploitability of vulnerabilities in Metasploit and automatically prioritize for remediation in Nexpose.

    Monitor privileged accounts and detect compromise

    Monitor user behavior and manage security incidents

    InsightIDR provides the ability to tag systems containing ePHI as “restricted,” then monitors all activity on these systems for unauthorized access. Leverage user behaviour analytics to detect security incidents and accelerate investigations with instant user context, endpoint interrogation, and advanced search capabilities.

    Assess web applications for vulnerabilities

    Assess applications for vulnerabilities

    Use AppSpider to dynamically scan your web, mobile, and cloud applications for vulnerabilities (including those that allow unauthorized persons to bypass authentication controls), and generate interactive reports for remediation. Leverage built-in HIPAA reports to quickly identify gaps and demonstrate compliance.

    Evaluate current state against the Critical Controls

    Build an effective security program aligned to HIPAA

    Rapid7's Cybersecurity Services team can perform a full assessment of your security program against HIPAA security standards to help you improve your ability to protect ePHI. Rapid7 can also help you with monitoring your network for threats, penetration testing, security awareness training, and responding to security breaches.

    HIPAA Compliance Guide

    Learn the requirements and steps in becoming HIPAA compliant

    Download Now

    Healthcare Security Pro Panel Video

    Hear from a panel of healthcare security professionals

    Watch Now

    InsightIDR Helps Fulfill HIPAA Specs

    Six examples on how to comply to be HIPAA compliant

     Download now