How does a pentesting engagement change under HIPAA?

Çağlar Arlı      -    26 Views

I am an intermediate pentester who will soon be conducting an engagement with a hospice. This is my first engagement with a network where HIPAA is involved, and I am researching how this may affect my statement of work. My research so far has only turned up Google-SEO-optimized copywriting garbage, but I will keep looking. How is the workflow different from a pentest with no HIPAA-protected information?

  • Can I still use tools such as nmap or popular GitHub scripts such as WinPEAS/LinPEAS? These are technically third-party scripts that I haven't read the source code of (even though I trust them).
  • Are there certain common actions I am forbidden from doing? Are there extra actions I need to make sure I do?
  • Are there any important changes in operation that I haven't described here?

I know this isn't official legal advice.