Signal · free tool · for small medical & dental offices

Is your medical office's email spoofable?

A free, outside-in security check for small clinics. Enter your domain and we'll read your public email and web settings — the same things any attacker can see — and grade them against the HIPAA Security Rule. We never touch your network, and your IT provider doesn't need to be involved.

Want the full picture — and a report you can hand an auditor?

This free check covers your public email and web hygiene. The paid monitoring adds a recurring scan, exposed-service checks, a self-assessment for the administrative safeguards, and a HIPAA-mapped report for your records. For what's inside your walls — patching, antivirus, backups — I come on-site. I'm local, in Bend, and I specialize in small medical offices.

Talk to a local HIPAA-focused IT person →

This is a security-posture check, not a guarantee of HIPAA compliance. It reads only public, outside-in signals (DNS and TLS) for the domain you enter and maps them to the HIPAA Security Rule's Transmission Security and Access Control safeguards. It cannot see inside your network — workstation patching, antivirus, backups, and your full risk analysis require an internal review. This is not legal or compliance advice.

Why email spoofing matters for a medical office

Most breaches at small clinics start with email. If your domain has no SPF or DMARC record, anyone can send mail that looks like it came from your front desk or your doctor, which is a direct route to phishing your staff, your patients, or your billing. These records are free to publish and take minutes to set up, but most small offices have never published them.
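As an added illustration (not the tool's own code), this sketch grades SPF and DMARC TXT records the way an outside-in check could. The function names, verdict labels and sample records are assumptions constructed for the example, and it expects the TXT strings to have been fetched already from the domain and from `_dmarc.<domain>`.

```python
def spf_posture(txt_records):
    """Classify SPF from the TXT strings published at the domain itself."""
    spf = [r.split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "permerror-multiple"  # RFC 7208: more than one SPF record is an error
    for term in spf[0][1:]:
        if term.lstrip("+-~?").lower() == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"
            return {"-": "hardfail", "~": "softfail",
                    "?": "neutral", "+": "pass-all"}[qualifier]
    return "no-all"  # no 'all' term: outcome depends on redirect= or is neutral

def dmarc_policy(txt_records):
    """Return the p= policy from the TXT strings at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.replace(" ", "").startswith("v=DMARC1")]
    if len(recs) != 1:
        return "missing" if not recs else "invalid-multiple"
    tags = dict((k.strip().lower(), v.strip().lower())
                for k, _, v in (part.partition("=") for part in recs[0].split(";")))
    policy = tags.get("p")
    return policy if policy in ("none", "quarantine", "reject") else "invalid"

def grade(domain_txt, dmarc_txt):
    """Combine both lookups into (spf, dmarc, verdict)."""
    spf, dmarc = spf_posture(domain_txt), dmarc_policy(dmarc_txt)
    # SPF checks the envelope sender, not the From: line staff and patients see,
    # so only an enforcing DMARC policy changes the verdict.
    if dmarc in ("quarantine", "reject"):
        verdict = "enforced"
    elif dmarc == "none":
        verdict = "monitoring-only"
    else:
        verdict = "spoofable"
    return spf, dmarc, verdict

# Constructed sample records (not real lookups).
SAMPLES = {
    "nothing published": ([], []),
    "SPF only": (["v=spf1 include:_spf.mailhost.example -all"], []),
    "SPF + DMARC reject": (["v=spf1 mx -all"],
                           ["v=DMARC1; p=reject; rua=mailto:reports@clinic.example"]),
}

if __name__ == "__main__":
    for label, (domain_txt, dmarc_txt) in SAMPLES.items():
        print(label, "->", grade(domain_txt, dmarc_txt))
```

The "SPF only" case still grades as spoofable: a strict SPF record by itself does not stop a forged visible From address.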

What an outside-in check can and can't tell you

From the public internet we can confirm whether your email is spoofable, whether mail and web traffic are encrypted, and whether your site's certificate is valid. We can't see your internal network — that needs a hands-on review. The free check is the fast first look; the on-site visit is for the rest.