20 Years Military Healthcare Experience
48 Hour Turnaround
7 Security Categories Scanned
$0 Implementation Cost (Config Only)

Certifications: PenTest+ • Security+ • CompTIA • BSCSIA • MSHCI

Christopher Reaves - Founder

About

Hi, I'm Christopher Reaves.

20 years military healthcare security. I've seen small practices struggle with HIPAA requirements and $30,000 consultants.

So I built this: affordable external security assessments. Plain English reports. Step by step fixes. No jargon, no upselling.

Every report is personally reviewed. You get professional assessment backed by two decades of experience, not an automated data dump.

Experience: 20 Years Military Healthcare Security
Location: San Diego, California

What You Get

7 security categories scanned. Professional report with plain English fixes.

  • Network Exposure

    Port scanning to identify open services. SSH, RDP, and other entry points analyzed for risk.

  • SSL/TLS Configuration

    Certificate validation, encryption strength, TLS version analysis. Weak ciphers identified.

  • Email Security

    SPF, DMARC, DKIM authentication testing. Anti-spoofing and phishing protection analysis.

  • DNS Security

    DNSSEC validation, CAA records, DNS hijacking prevention. Domain security posture reviewed.

  • Security Headers

    HSTS, CSP, X-Frame-Options analysis. Clickjacking and XSS protection verification.

  • Data Exposure

    Public file scanning, directory listing checks. Sensitive data leak detection.

  • Patient Portal Security

    Authentication mechanism review, login security, HTTPS enforcement verification.

  • OCR Audit Documentation

    HIPAA Security Rule mapping (45 CFR §164.312). Compliance gap analysis included.

Important: What This Covers

External security only. We scan publicly accessible systems from outside your network.

You get: External vulnerability ID, HIPAA technical safeguard mapping, OCR audit docs, plain English fixes.

Not included: Complete HIPAA SRA, internal network scans, admin safeguards, physical security, legal advice, implementation.

Use this to: Document external security, support your risk analysis, prepare for OCR audits.

Pricing

Same assessment. Choose your frequency.

One-Time Assessment

$1,499

Single comprehensive scan
Up to 5 external assets

  • Complete external security assessment
  • 20 page professional PDF report
  • HIPAA Security Rule mapping
  • Plain English remediation steps
  • OCR audit documentation
  • Delivered in 24 to 48 hours

Quarterly Monitoring

$499/quarter

4 scans per year
Up to 5 external assets

  • Scan every 3 months
  • All one-time features included
  • Cancel anytime

Annual prepay: $1,596/year (save $400)

Add-On Services

Verification Scan - $199

Re-scan after implementing fixes. Before/after comparison showing risk reduction. Verify remediation success.

Expert Consultation - $150/hour

One-on-one implementation guidance. Report review session. Prioritization help. Technical Q&A.

Sample Report

See exactly what you'll get. Real report, redacted data.

Frequently Asked Questions

Do I need this if I already have an EHR vendor?

Yes. Your EHR vendor secures their system, but YOUR external-facing systems (website, patient portal, email) need independent assessment. Many insurance policies and EHR contracts require this.

Is this a complete HIPAA compliance solution?

No. This is an external security assessment only. Complete HIPAA compliance requires internal assessments, policies, training, physical security, and more. Use this as part of your comprehensive program.

How long does the scan take?

The actual scan takes 2-4 hours. Report generation and review takes an additional 4-6 hours. You'll receive your complete report within 24-48 hours of purchase.

Will the scan disrupt my systems?

No. Our external scans are non-invasive and read-only. We don't exploit vulnerabilities or attempt to access your systems. However, we recommend notifying your IT team before scanning.

What if I don't have IT staff to implement fixes?

Our reports include plain-English instructions and copy-paste commands when possible. Many fixes are simple configuration changes. For complex issues, we offer consultation at $150/hour or can refer you to qualified professionals.

Do I need a Business Associate Agreement?

No. We perform external scans only and do not access ePHI (patient data). We're a security assessment tool provider, not a Business Associate under HIPAA.

Can I cancel my subscription?

Yes, anytime. Cancellations take effect at the end of your current billing period. No refunds for the current period, but no charges for future periods. You'll receive email reminders 7 days before renewal.

What domains can you scan?

Any publicly accessible domain you own or have authorization to scan. Before each scan, you must sign our Scan Authorization Agreement confirming you have legal authority.

Ready to Get Started?

48-hour delivery. OCR audit ready. Plain English fixes.