SecureLayer7 · Industry tear-sheet

securelayer7.net

HealthTech

Patient platforms, payer integrations, and clinical data exchanges tested with PHI handling and consent flows as first-class targets.

120+

Engagements across EHR, telehealth, and clinical-research platforms, including HIPAA-regulated PHI workloads and HL7/FHIR exchanges.

Three named threats we test for

  1. PHI tenant bleed via IDOR
     Patient, encounter, and document endpoints are tested across tenants, roles, and care-team scopes for records that leak across customers.

  2. HL7/FHIR injection
     Message-level fuzzing of FHIR resources and HL7 v2 feeds targets parsers that mishandle nested references, terminologies, and bundle transactions.

  3. Consent-revocation bypass on data-sharing endpoints
     Patient-portal opt-outs, research-consent flags, and third-party app authorisations are tested for stale tokens that keep data flowing after revocation.

Findings cite real CVE records from SL7 Lab disclosure history, not screenshot mockups.

How we run the engagement


  1. Scope and threat-model
     The engagement lead walks the platform with your engineering and compliance owners. The outcome is a written threat model that names every PHI flow.

  2. Manual exploitation
     Researchers attack tenant boundaries, FHIR endpoints, and consent state by hand. Tools assist; they do not lead.

  3. Chained-finding write-up
     Every report shows the path from entry point to PHI impact, with reproduction steps a developer can replay against a sanitised dataset.

  4. Retest and sign-off
     Fixes are retested against the original exploit chain. Your CISO receives a signed letter ready for HIPAA evidence and HITRUST audit packets.

Compliance mapping

HIPAA · HITRUST CSF · SOC 2 Type II · GDPR Article 32

Engagement leads at SecureLayer7

Pruthvi Reddy

Engagement lead

Munmun

Engagement lead

info@securelayer7.net
+1 (510) 730 7570


SecureLayer7 · HealthTech tear-sheet · v1
