Vulnerability Assessment

is a rigorous evaluation of a healthcare organization’s vulnerability to reasonably anticipated threats to electronic Protected Health Information (ePHI).

The assessment includes a comprehensive vulnerability scan of internal and external environments, along with a report that outlines a prioritized list of vulnerabilities and recommended actions for remediation.

Vulnerability assessment is the process of defining, identifying, classifying, and prioritizing vulnerabilities in systems, applications, and networks. It provides an organization with the needed visibility into the risks that exist concerning external threats designed to take advantage of vulnerabilities. At a tactical level, the vulnerability assessment process can help organizations identify potential methods of unauthorized access by which threats can gain entry to the organization’s network. Assessments (and fixes based on the results) need to be performed before the vulnerabilities found can be exploited.

Starryone Health Security works closely with healthcare organizations to ensure that vulnerability scan data is both meaningful and actionable, including recommendations for improvement and strategies for reducing vulnerabilities within existing patch management programs.

What is our security vulnerability assessment process?

The security vulnerability process consists of five steps:

Vulnerability identification: 

Analyzing network scans, pen test results, firewall logs, and vulnerability scan results to find anomalies that suggest a cyber attack could take advantage of a vulnerability

Vulnerability analysis:

Decide whether the identified vulnerability could be exploited and classify the severity of the exploit to understand the level of security risk.

Risk assessment: 

Assess which vulnerabilities will be mitigated or remediated first based on their wormability and other risks.


Update affected software or hardware where possible.


Decide on countermeasures and how to measure their effectiveness in the event that a patch is not available