Telemedicine and Healthtechs

Pentest for Telemedicine and Healthtechs

Security for video consultation, EHR, digital prescription, pharmacy integration and wearables.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Telemedicine scaled in 5 years; security did not. Recorded video consultations leaked, prescriptions manipulated, records accessed laterally, pharmacy integrations compromised. CFM, ANS and LGPD don't forgive: fines, license loss and criminal liability for the technical medical director.

Applicable regulation

LGPD (health = sensitive data) · CFM Resolution 2.314/2022 · Law 14.510/2022 (telehealth) · ANVISA · ANS

/attack-surface

Vectors we test in telemedicine and healthtechs

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Video consultation

WebRTC, end-to-end encryption, recording, unauthorized third-party access.

02

Electronic health record

IDOR between patients, segregation by specialty, integrity of clinical records.

03

Digital prescription and MEMED

Prescription manipulation, digital signature, ICP-Brasil and validation at the pharmacy counter.

04

Pharmacy/lab integration

Prescription handoff, exam return, result privacy and chain of trust.

05

Patient app

Mobile, exam photos, OCR, conversations with professionals and consent security.

06

Wearables and continuous monitoring

Data integrity, encryption in transit, device authentication and clinical alarms.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Post-COVID expansion with acknowledged security deficit and growing regulatory pressure.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/crivo · integrity program

87%

of pentester candidates fail our Crivo screening

Do you know who's getting access to your environment?

NDAs work in court. They don't work day-to-day. Before first access, every pentester on our team passes background, psychometric profile and integrity testing.

  • In-depth criminal, fiscal and professional verification
  • Psychometric assessment and risk profile
  • Practical integrity testing with controlled scenarios
  • Fixed team — non-rotating, no 'stranger every engagement'

/faq

FAQ: Telemedicine and Healthtechs

Do you cover ICP-Brasil digital signature?

Yes. We audit the signature flow, prescription integrity and pharmacist validation.

Are wearables in scope?

Yes. When data is used clinically (oximetry, ECG, glycemia), we audit the integrity of the device and its communication channel.

/contact

Ready for a serious pentest in telemedicine and healthtechs?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.