We worked with the team at NIPRO Digital to continue securing their application against any malicious actors. We had worked with them previously and are continuing penetration tests on a yearly basis. Our tests are a key element in the ISO27k certification regarding information security in healthcare. The tests conducted on NephroFlow are done under our White and Grey Box penetration testing services.
We tested both the traditional and mobile application of NephroFlow. As a system designed for use by both medical professionals and patients, we had to ensure the utmost security in authentication and information security between users. And as an application directly linked to a medical device, it connects only with the server and has no control over the machine itself.
We tested for a number of functionalities and flaws, such as:
- Privacy of patient data
- Access controls (access rights of different users)
- Authentication and authorisation
- DOS protection
- Business logic flaws
- Intellectual property protection (proprietary algorithms integrating with private vendors)
We discovered an array of key vulnerabilities which were marked as high priority by the team at NIPRO Digital. We delivered a full and comprehensive report and the vulnerabilities were patched. We will be following up in the next twelve months to conduct another iteration of testing.