HIPAA law requires covered entities to safeguard against “reasonably anticipated” threats to protected health information. With healthcare security breaches making all too frequent headlines, the threat of malicious hacking can certainly be reasonably anticipated. In fact, according to a May 2015 Ponemon Institute study, criminal attacks on healthcare data are up 125% compared to five years ago. In this cyber-war landscape, healthcare organizations have a legal and ethical responsibility to identify and mitigate the likelihood of real-world threats to IT assets and physical security. Penetration testing can strategically position your organization to repel cyber-attacks.