Amy & Associates

v26 Labs is an innovation-driven healthcare information security company. As a Microsoft Partner company for healthcare, we provide innovative solutions to organizations to protect electronic health records and patient and staff data by identifying weaknesses in physical, technical and human-based security controls before criminal attackers can exploit them. From administrators to hospital house officers and ancillary staff, staff members are often the first line of defense. 

We provide security awareness training that focuses on mitigating the threat of social engineering attacks, such as spear phishing, that lead to ransomware and other attacks. We help organizations prioritize security and data protection to maintain public trust and confidence, prevent irreparable damage to their reputations and remain competitive. We provide a rare blend of security expertise in testing application security controls for the Windows Pro and Enterprise environments including Windows Server, Cloud, Azure, and Microsoft 365, as well as Microsoft Health AI and Cloud. 

v26 Labs is active in its Microsoft partnership, and collaborates with Microsoft's Artificial Intelligence and Research division, and with Microsoft's cloud computing team to create and improve security-specific tools. v26 and Microsoft researchers take an open-source approach, sharing our work with other healthcare IT researchers and partners. 

By 2025, more than 20 million patients will have their PHI and clinical data protected by v26 Labs.

Technical Security

We are experts in spear phishing and ransomware attacks, and are called upon to advise, train and test organizations on social engineering vulnerabilities. With these attacks, threat actors can even breach your internal network and take over critical equipment such as cardiac monitoring and IV infusion pumps in addition to PHI and other critical data and equipment.


As a Microsoft Partner company, we specialize in the testing of your organization's Microsoft software applications. Microsoft software includes web applications, applications that run on internal networks, and applications that run on end-user devices and remote systems. This includes Microsoft Health AI systems, Microsoft 365, and Cloud services. 

Physical Security

If we can compromise your physical security, including patient floors and restricted access areas such as radiology suites, we can compromise your IT. If we can compromise your IT, we can compromise your most sensitive and valuable data. If we can, so can the bad guys.

Social engineering is a hacking technique that uses deception, manipulation and influence to get a human target (staff or even patients) to comply with the request of an attacker. That seemingly simple and harmless request lets an attacker into your network. Most cyber attacks begin with a technique known as spear phishing. Social engineering is the easiest way for an attacker to get in, and it's the most difficult for an organization to defend against. These attacks are extremely successful; our team at v26 maintains a 100% success rate when it comes to simulating social engineering-based attacks along with technical exploits. We will walk you through this process, tell you what it is, how it works, and how we can help you and your organization mitigate these types of attacks. 

There is one universal way to prevent the cyber attacker from being successful: think like a cyber attacker. Cyber attacks are implemented against both specific and random organizations, services, and individuals to obtain private, technical and institutional information, and other intellectual assets for the purpose of vandalism or monetary gain. Healthcare organizations are particularly targeted for patient protected health information (PHI).


There were nearly 1500 reported healthcare data breaches and cyber incidents between 2018 and 2019. While 42% of healthcare data breaches were committed by outside attackers, more than 58% were the result of internal actors. This means that healthcare organizations, both large and small, need improved policies and procedures for dealing with current and former employees. Healthcare is the only industry in which internal actors are the biggest threat to an organization. At v26 Labs, we will work with your management and patient care teams to establish and maintain improved security policies and procedures. 


Given that today's advanced attacks can easily bypass most security tools, you may have been breached and not even know it. The following list outlines our services and capabilities: 

• Epic—v26 Labs works nearly exclusively with Epic EHR customers and has a unique ability to work within the Epic ecosystem in combination with Microsoft. This includes Beacon, Cupid, Kaleidoscope, Phoenix, Stork, ASAP, Willow, Epic Anesthesia, Nurse Triage, OpTime, Radiant, ICU Module, and Hyperspace. 

• Applications—Microsoft software application penetration testing ensures application security. This testing plays a critical role to harden any application against potential attacks. Until you undergo simulated attacks that are like a thief trying to steal your information, or a saboteur who wants to erase you and bring you down, you won't know how well, or even if, your organization will survive a targeted attack.

• External Network—External network penetration testing scans your systems against threats from outside, using a public network, and gathers information and performs exploits from outside the perimeter of your network.

• Internal Network—Internal network penetration testing simulates attacks to your system or network from within your walls. Our team assumes the role of a malicious and knowledgeable insider with legitimate access to your network. We simulate threats that could come from a rogue employee, malware, internal hackers, or thieves who have successfully bypassed your physical security and are now hacking you from the inside.

• Telecommunications and VoIP—Public Switched Telephone Networks (PSTN) and Voice over IP (VoIP) penetration testing analyzes the security of your phone systems. VoIP networks are increasingly popular, as they reduce costs, improve quality and simplify management. However, they have addition risks such as call tracking, call data manipulation, listening capabilities and unauthorized wiretapping. Our team assesses authentication mechanisms, and the potential for interception or manipulation for conversations within your telecommunications systems.