This cybersecurity report assesses a healthcare clinic's IT infrastructure against HIPAA Security Rule requirements. The audit covers administrative, physical, and technical safeguards. Key findings include unencrypted patient data during transmission and weak password policies.
Vulnerability scanning reveals outdated software on three workstations, including an unpatched Windows 7 machine. A penetration test successfully exploited a default credential on a network printer, gaining access to stored patient documents.
Recommendations include implementing full-disk encryption, deploying a password manager with MFA, establishing a patch management schedule, and conducting annual security awareness training. A risk remediation plan with prioritized timelines is provided.
