Researchpublished

Penetration Testing Report

As an information security analyst at Pruhart Tech, I have been tasked to ensure that the testing plan aligns with the security controls within the information environment of Western View Hospital.

Penetration TestingSecurity AssessmentHealthcare SecurityCompliance Testing

Last updated: April 1, 2025

Quick Links

Project Overview

We will be utilizing Pruhart Tech's information security penetration testing method with the cooperation of Western View Hospital's IT staff to coordinate a safe and complete test within the approved scope. There will be two testing phases: internal assets and external assets. Western View Hospital has made clear the extent of testing that should be done, and the focus will be on the network level and social engineering. This paper will give an analysis of the penetration testing plan, in addition to any recommendations and solutions.

Key Findings

  • Lack of Structured Testing Methodology
  • Insufficient HIPAA Compliance Focus
  • Inadequate Social Engineering Testing Scope
  • Missing Operational Considerations
  • Network Security Vulnerabilities

Tools & Technologies

NmapSETBurp SuiteVishing

Techniques & Methodologies

Network SegmentationWhitelist access controlsNIST SP 800-115

Want to dive deeper?

Check out the full technical documentation and detailed analysis.