Healthcare
HNDL is the headline
Health records live for decades, so the Mosca inequality almost always holds. Inventory TLS paths without processing PHI.
Why healthcare
Lifetime data shelf-life drives urgency
- PHI confidentiality obligations span decades — highest HNDL exposure.
- Crypto sprawls across portals, APIs, EDI, and email.
- HIPAA audits need crypto control evidence, not verbal assurance.
Frameworks
What privacy officers map to
- HIPAA Security Rule: Encryption and crypto control evidence
- NIST IR 8547: PQC transition guidance
- EU CRA: Connected med-tech (if applicable)
Value
Inventory without PHI in scope
- Long-lived PHI + HNDL: Mosca timeline makes exposure undeniable
- HIPAA crypto evidence: Framework-mapped signed reports
- Sprawling endpoints: Full scan + cloud inventory import
- Audit cycles: Monitor drift + reusable evidence
Demo flow
What to show a healthcare CISO
1. healthcare-insurer-hndl scenario scan
2. HNDL/Mosca on decades-long data shelf-life
3. HIPAA control mapping
4. Signed evidence, with no PHI in the scan
Start with a healthcare assessment
PQC scans are TLS/crypto inventory only — no PHI is processed. No BAA required for inventory.