Keeping Information Safe

Our risk assessments are readable, comprehendible and actionable; and we provide the latest solutions for secure wireless migration, disaster recovery planning, and vulnerability protection.

Facebook Icon Linkedin Icon PHA eNews sign-up Share Icon

Working with Purdue Healthcare Advisors helped to validate what Rush Memorial Hospital has done for years as a leader in rural healthcare informatics...mitigate network security risk.

Jim Boyer, CIO/VP Technology, Rush Memorial Hospital

We annually review our policies and practices as they relate to compliance with the HIPAA Security Rule to maintain a robust and solid security foundation. Using a third party to perform a risk assessment is an optimal business practice, because an independent security consultant has a fresh set of eyes to better evaluate the risks and vulnerabilities to the confidentiality, integrity or availability of electronic protected health information.

Bob Havens, Technical Specialist, Hancock Regional Hospital



cyberTAP logo

To consult, assess, educate, train, and guide practices and hospitals in health IT security best practices, PHA turns to cyberTAP, a Purdue University technical assistance outreach program formed in 2019 to meet the growing demand for cybersecurity services and education. cyberTAP offers extensive expertise in health IT security because many of its staff are former PHA security consultants well versed in the security needs of hospital systems, clinics, and small practices. 

Health IT Security

PHA has offered security services since 2012. Affordable rates, an impeccable reputation, and an attention to detail set us apart from for-profit competitors. Last year alone, Purdue experts were onsite at more than 600 healthcare facilities, providing assessments, testing, audits, project management, training, and consulting. In addition to the services we have traditionally offered the healthcare industry (scroll down), cyberTAP introduces Cyber Range Training and other workforce-development options that may be of interest to your healthcare organization's security professionals. The state-of-the-art cyber range provides an immersive, simulated environment for industry partners to develop the next generation of cyber warriors.

To inquire about scheduling cyberTAP to perform your annual Health IT Security Risk Assessment, please submit this online form. To inquire about other CyberTAP services, please contact a member of the CyberTAP team.

Download Flyer Button


SRA Stove Knob InfographicAssessments

Security Risk Assessments (SRA) In preparation for both HIPAA and Meaningful Use audits, we work onsite, interviewing key staff, conducting physical walk-throughs of facilities, and performing the reviews, scans, and assessments necessary to create a realistic security and privacy remediation plan. Our assessment includes:

  • Documentation Review
  • Administrative Controls Review
  • Network Architecture Review
  • Vulnerability Analysis
  • Physical Walk-through
  • Configuration Review
  • Audit Testing

The SRA is a prerequisite for participation in the MIPS Promoting Interoperability (PI) performance category. If you are participating in MIPS, here are answers to some common SRA questions.

External Vulnerability Assessments (EVA) To identify vulnerabilities within your Internetfacing infrastructure and attached network systems. We can manage for risk environment or provide one-time testing. Our remote EVAs include:

  • an external scan of IP addresses;
  • a meta-data analysis of your domain; and
  • a DNS / Whois record review. 

Technology Assessments An onsite assessment of your organization’s hardware, software and network, checking network speed and evaluating laptops/ desktops. Post-assessment recommendations on upgrades are aimed at saving you time and money.

Payment Card Industry Data Security Standard (PCI-DDS) Assessments — This is basically HIPAA for charge cards. If you accept credit cards from a major card brand such as Visa, MasterCard, Discover, and American Express, you are required to be compliant of their data security standard. For most organizations, this means completing an annual self-assessment and attestation, which is a technical and arduous task that we can help make easier.


Phishing Testing — We help clients take a proactive approach to see how many of their employees are susceptible to being victimized by a phishing attack in safe and controlled exercise.

Penetration Testing — How vulnerable is your IT infrastructure to exploitation by external adversaries?  A penetration test actively tests your security defenses and network configurations to find holes before the bad guys do.

Password Audits — Passw0rd! will meet most basic password requirements, but can be cracked in seconds. Passwords are our first line of defense in protecting data and IT assets, and password audits provide evidence that employees are adhering to password-creation best practices.

Consulting/Project Management

PHA will advise you, then equip your team with the tools to facilitate in-house solutions.

  • Encryption Strategies
  • Secure Wireless Migration
  • Disaster Recovery Planning
  • Vulnerability Analysis Implementation

Purdue University, West Lafayette, IN 47907 (765) 496-1911

© 2019 Purdue University | An equal access/equal opportunity university | Copyright Complaints

If you have trouble accessing this page because of a disability, please contact Purdue Technical Assistance Program