PEN TEST CYBER OFFER

PenTestNZ gives your practice cyber confidence

The PenTestNZ GP cyber security offer is an independent cyber security check for general practices. It involves experienced cyber security professionals testing your practice’s digital systems from the outside, in the same way a real attacker would. The aim is to identify genuine weaknesses that could put patient information or practice systems at risk. Learn more about PenTestNZ.

The offer aligns with the intent of the Security Checklist for Primary Care. It’s not a paperwork exercise or a tick‑box assessment. It focuses on real‑world risk. Depending on what you choose, the testing can include your:

  • Website and internet‑facing systems

  • Network security

  • Microsoft 365 setup (including email and access controls)

  • Staff response to phishing emails (optional)

At the end of the process, you receive a clear written report explaining what was found, why it matters, and what should be fixed.

Discounted package and add-ons:

The recommended package includes the CyberScient.com Self-Assessment of Cyber Risks, External Network Pentest, and Dark Web Risk Assessment for $2,985 ($995 discount!)

Available discounted add-ons include:

  • Cloud risk assessment for $2,242.50 ($747 discount!)

  • Phishing simulation for $367.50 ($122 discount!)

  • Firewall Security Configuration Assessment for $1,117.50 ($372 discount!)

  • Internal Network Pentest for $4,492.50 ($1,497 discount!)

Read more about what these assessments and activities do in the drop down below.

Reasons why practices take up this offer

Most practices want to know two things: Are we actually at risk? Can we show we’ve taken reasonable steps to protect patient data? This offer helps answer both. Cyber incidents in healthcare most often happen because of simple issues — misconfigured systems, weak settings, or someone clicking a convincing email. These problems are rarely obvious from inside the practice.

By using independent experts to check your systems, you gain confidence that:

  • Obvious weaknesses have been identified

  • Your systems are not unnecessarily exposed to the internet

  • Your current settings align with common best practice

  • You have evidence that reasonable steps have been taken

The report can support practice risk registers, governance discussions, conversations with your PHO, funding or audit requirements, and reassurance for owners, partners and managers. This assessment does not guarantee that nothing will ever go wrong, but it puts your practice in a much stronger position to prevent avoidable issues and demonstrate due care.

Find out more:

  • PenTestNZ is a New Zealand‑based cyber security company that specialises in penetration testing — commonly known as “pen testing”. Penetration testing means safely attempting to break into systems to see what a real attacker could access, without causing harm. PenTestNZ works with health, education and critical public‑sector organisations and has experience testing environments similar to general practices. They operate independently, which means the findings are objective and trusted by external stakeholders. PenTest is a brand of AlterSec: Managed Security Service Provider

  • 1. Managing Cyber Risk (Standard 1)

    What doctors usually worry about: “Do we know our risks, and can we show we’ve taken reasonable steps to mitigate them?” 

    What this offer gives you:

    • Independent experts look for real weaknesses that attackers could actually use 

    • External testing of your website, internet connections, and (if chosen) Microsoft 365 

    • A clear report you can put into your risk register or board papers

    You’ll gain confidence that your cyber risks are understood and documented. But you still need to decide who owns cyber security and what actions to take.

    2. Staff Awareness & Phishing (Standard 2)

    What doctors usually worry about: “Will someone click the wrong link and expose patient data?” 

    What this offer gives you:

    • A safe, controlled phishing test to see how staff actually respond 

    • Reporting that shows whether staff click, ignore, or report suspicious emails 

    • Evidence that training and reminders are (or aren’t) working.

    You’ll gain strong confidence in how staff behave in real situations. However, ongoing training still needs to be provided and reinforced by the practice or PHO.

    3. Protecting Practice Systems & Data (Standard 3)

    What doctors usually worry about: “Are our systems exposed or poorly set up, and are we exposed to a possible security breach?”

    What this offer gives you:

    • Checks that your internet‑facing systems are not accidentally open or misconfigured

    • (If chosen) a review of Microsoft 365 to confirm access, email, and security settings 

    • Identification of weak settings, old configurations, or risky exposure 

    You’ll gain strong confidence that your systems are not obviously exposed. This doesn’t replace day‑to‑day IT support or equipment replacement decisions.

    4. Secure Setup of Systems (Standard 4)

    What doctors usually worry about: “Are things set up properly, or just left on default settings?” 

    What this offer gives you:

    • Independent review of firewall and system security settings (if chosen) 

    • Testing to confirm unnecessary access and services are turned off 

    • Written evidence that systems meet common best practice expectations 

    You’ll gain strong confidence that systems are securely configured. You still need processes for approving changes and keeping settings up to date.

  • This service does not replace practice leadership, internal policies, staff training, IT support, incident response planning, or cyber security insurance. It identifies risks and provides independent advice. Decisions about what to fix, when, and how remain with the practice.

  • Using this PenTestNZ GP cyber offer shows that a practice has taken sensible, independent steps to understand and reduce cyber risk. It provides evidence that external threats, staff phishing risk and system security have been reviewed by specialists, while recognising that overall responsibility still sits with the practice.