A Framework for Open Source Intelligence Penetration Testing of Virtual Health Care Systems

There is a need for affordable, accessible ethical penetration testing methodologies in the online health care industry. In this paper, we propose and experimentally demonstrate an approach for initial ethical penetration testing of remote health care services based on free, open source tools and open systems intelligence. We develop an approach which concentrates on the most common health care vulnerabilities (social engineering attacks, network-based attacks, and website attacks) using OWASP ZAP, Nmap with Firewalk, and various other tools. Experimental results of penetration testing on a production level mental health care provider are presented. The effectiveness of different approaches is compared, and we enumerate common vulnerabilities and recommend mitigation techniques.