HIPAA compliance is a false sense of security

Ask yourself this: why do so many HIPAA-compliant entities fail to stop cybersecurity attacks? We read about them almost daily; in healthcare alone, organization after organization is getting hit with ransomware. Shouldn't the work to become HIPAA compliant prevent these attacks from being effective? The answer is no.

Being HIPAA compliant is a critical step in protecting your organization and your data from violations and attacks, but the HIPAA laws were never written to make your organization cyber secure. They adequately address protecting healthcare data – how you can share it and with whom, for example. Performing the HIPAA-required security risk assessment is another foundational step towards being more cyber secure, but it too leaves many stones unturned. Let's get specific.

An organization can achieve HIPAA compliance without ever conducting two fundamental security tests – vulnerability testing and penetration testing. A vulnerability assessment scans your systems, from inside the network and/or from the internet, to identify known weaknesses in your defenses (missing patches, exposed services, weak configurations) without exploiting them. Penetration testing, by contrast, attempts to exploit those weaknesses the way a real attacker would, within an agreed scope, to show whether an intruder could actually gain entry to your network or disrupt operations. Both types of tests are offered at varying levels of intensity, and therefore cost. If you really want to know how secure your network is, you should consider doing both.

Acentec now offers both vulnerability testing and penetration testing. These advanced tests will fill in the gaps between your HIPAA compliance and the overall security of your organization. As with all of Acentec’s services, they’re affordably priced to fit into the budgets of our healthcare clients. Give us a call for more details. 

Stay on cyber alert during this holiday shopping/scamming season.


If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of a covered entity's workforce (including management). Have your team sign up for our weekly HIPAA Security Reminder to help stay compliant.