Migrating from 42Crunch to middleBrick for HIPAA Security Rule alignment

What middleBrick covers

  • Black-box API scanning without agents or code access
  • Risk score A–F with prioritized findings
  • Authentication support for Bearer, API key, Basic, Cookie
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • Continuous monitoring with diff detection and alerts
  • LLM security probes including jailbreak and data exfiltration tests

Mapping existing API scanning to the HIPAA Security Rule

The HIPAA Security Rule focuses on administrative, physical, and technical safeguards for electronic protected health information. middleBrick maps findings directly to the rule by surfacing issues related to access control, audit controls, integrity, and transmission security. The scanner evaluates authentication mechanisms, session handling, encryption in transit, and error handling that can expose or leak protected health information.

Technical controls and evidence collection

middleBrick operates as a black-box scanner, requiring no agents or code access. It validates controls described in the Security Rule by checking authentication bypasses, insecure transmission paths, missing integrity checks, and unsafe data exposure. Each finding includes severity, a technical description, and remediation guidance that can be used as audit evidence. Supported methods include GET, HEAD, and text-only POST for LLM probes, and scans complete in under a minute.

Authenticated scanning and domain ownership verification

For environments that require authenticated scans, the Starter tier and above support Bearer, API key, Basic auth, and Cookie-based authentication. A domain verification gate ensures that only the domain owner can run authenticated scans, using DNS TXT records or an HTTP well-known file. The scanner sends only read-only methods and restricts forwarded headers to Authorization, X-API-Key, Cookie, and X-Custom-* headers.
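The two gates described above, the ownership check and the forwarded-header allowlist, are easy to get subtly wrong (case-sensitive header matching, or a plain `==` on the verification token). The following is an added example written for this page, not middleBrick's own code: the allowlist comes from the text, but the token format (`middlebrick-verification=<token>` in a DNS TXT record or in the well-known file body) and the function names are assumptions, and the header set is a constructed sample.

```python
import hmac
from fnmatch import fnmatch

# Forwarding allowlist as stated on the page: Authorization, X-API-Key, Cookie, X-Custom-*.
# Header names are matched case-insensitively because HTTP header names are.
FORWARDABLE_HEADER_PATTERNS = ("authorization", "x-api-key", "cookie", "x-custom-*")

# Assumed format (not from the page): both the DNS TXT record and the well-known
# file carry the literal string "middlebrick-verification=<token>".
TOKEN_PREFIX = "middlebrick-verification="


def filter_forwarded_headers(headers):
    """Keep only headers matching the allowlist; every other header is dropped,
    so things like X-Forwarded-For or Host from the caller never reach the target."""
    return {
        name: value
        for name, value in headers.items()
        if any(fnmatch(name.lower(), pattern) for pattern in FORWARDABLE_HEADER_PATTERNS)
    }


def _token_present(values, expected_token):
    """True if any value carries the expected token; compare in constant time."""
    for value in values:
        value = value.strip().strip('"')  # TXT records are often returned quoted
        if value.startswith(TOKEN_PREFIX):
            candidate = value[len(TOKEN_PREFIX):]
            if hmac.compare_digest(candidate, expected_token):
                return True
    return False


def verify_domain_ownership(expected_token, txt_records=(), well_known_body=None):
    """Ownership is proven by either a DNS TXT record or the well-known file.
    Returns which method succeeded, or None if neither did."""
    if _token_present(txt_records, expected_token):
        return "dns-txt"
    if well_known_body is not None and _token_present(well_known_body.splitlines(), expected_token):
        return "http-well-known"
    return None


def prepare_authenticated_scan(expected_token, txt_records, well_known_body, headers):
    """Gate: refuse unless ownership is verified, then forward only allowlisted headers."""
    method = verify_domain_ownership(expected_token, txt_records, well_known_body)
    if method is None:
        raise PermissionError("domain ownership not verified; authenticated scan refused")
    return method, filter_forwarded_headers(headers)


if __name__ == "__main__":
    # Constructed sample: a caller supplies more headers than the scanner may forward.
    sample_headers = {
        "Authorization": "Bearer eyJ...",
        "X-API-Key": "k-123",
        "Cookie": "session=abc",
        "X-Custom-Tenant": "acme",
        "X-Forwarded-For": "203.0.113.9",
        "Host": "api.example.com",
    }
    print(prepare_authenticated_scan("abc123", ["v=spf1 -all", "middlebrick-verification=abc123"],
                                     None, sample_headers))
```

The ownership check is deliberately an either/or: a TXT record proves control of the zone, the well-known file proves control of the web root, and either is sufficient for the gate. Everything not on the allowlist is dropped rather than passed through, which is the safe default when the scanner forwards caller-supplied headers to a third-party host.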

OpenAPI analysis and spec-to-runtime alignment

middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 definitions with recursive $ref resolution. It cross-references spec definitions against runtime behavior to identify undefined security schemes, deprecated operations, missing pagination, and sensitive fields that should not be exposed. This lets teams compare documented intent with observed behavior and record any gap between the two as audit evidence.
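To make the spec-side checks concrete, here is an added example (not middleBrick's parser) showing recursive local `$ref` resolution with cycle protection, followed by three of the checks named above run over a small constructed OpenAPI 3.1 document: operations that reference a security scheme absent from `components.securitySchemes`, deprecated operations, and response schemas that carry field names from a sensitive-field list. The keyword list and the sample spec are constructed for the demo; only local (`#/...`) references are handled.

```python
from urllib.parse import unquote

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed keyword list for the demo; a real scanner's list would be far broader.
SENSITIVE_FIELD_NAMES = {"ssn", "social_security_number", "dob", "date_of_birth", "mrn", "diagnosis"}


def _pointer_lookup(doc, pointer):
    """Resolve a local JSON Pointer such as '#/components/schemas/Patient' (RFC 6901)."""
    if not pointer.startswith("#/"):
        raise ValueError(f"only local refs are supported in this example: {pointer}")
    node = doc
    for part in pointer[2:].split("/"):
        part = unquote(part).replace("~1", "/").replace("~0", "~")
        node = node[int(part)] if isinstance(node, list) else node[part]
    return node


def resolve_refs(doc, node=None, seen=()):
    """Recursively inline $ref targets. A ref already on the current path is left
    as a marker instead of being expanded, so self-referential schemas terminate."""
    if node is None:
        node = doc
    if isinstance(node, dict):
        if "$ref" in node:
            ref = node["$ref"]
            if ref in seen:
                return {"$ref": ref, "x-circular": True}
            return resolve_refs(doc, _pointer_lookup(doc, ref), seen + (ref,))
        return {k: resolve_refs(doc, v, seen) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve_refs(doc, v, seen) for v in node]
    return node


def _operations(doc):
    for path, item in doc.get("paths", {}).items():
        for method in HTTP_METHODS:
            if item.get(method):
                yield path, method, item[method]


def find_undefined_security_schemes(doc):
    """(path, method, scheme) for each operation naming an undeclared scheme.
    Operation-level `security` overrides the document-level default, as in the spec."""
    defined = set(doc.get("components", {}).get("securitySchemes", {}))
    problems = []
    for path, method, op in _operations(doc):
        for requirement in op.get("security", doc.get("security", [])):
            for scheme in requirement:
                if scheme not in defined:
                    problems.append((path, method, scheme))
    return problems


def find_deprecated_operations(doc):
    return [(path, method) for path, method, op in _operations(doc) if op.get("deprecated")]


def _walk_schema(schema, report):
    """Visit object properties and array items; circular markers have neither, so recursion stops."""
    if not isinstance(schema, dict):
        return
    for name, sub in schema.get("properties", {}).items():
        if name.lower() in SENSITIVE_FIELD_NAMES:
            report(name)
        _walk_schema(sub, report)
    _walk_schema(schema.get("items"), report)


def find_sensitive_response_fields(doc):
    """(path, method, status, field) for every sensitive-looking field in a response schema."""
    resolved = resolve_refs(doc)
    hits = []
    for path, method, op in _operations(resolved):
        for status, response in op.get("responses", {}).items():
            for media in response.get("content", {}).values():
                _walk_schema(media.get("schema"), lambda name: hits.append((path, method, status, name)))
    return hits


# Constructed sample spec: a self-referential Patient schema, one properly secured
# operation, and a deprecated export that names a scheme nobody declared.
SAMPLE_SPEC = {
    "openapi": "3.1.0",
    "components": {
        "securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}},
        "schemas": {
            "Patient": {"type": "object", "properties": {
                "id": {"type": "string"},
                "ssn": {"type": "string"},
                "nextOfKin": {"$ref": "#/components/schemas/Patient"}}},
            "PatientList": {"type": "array", "items": {"$ref": "#/components/schemas/Patient"}},
        },
    },
    "paths": {
        "/patients": {"get": {
            "security": [{"bearerAuth": []}],
            "responses": {"200": {"content": {"application/json": {
                "schema": {"$ref": "#/components/schemas/PatientList"}}}}}}},
        "/export": {"get": {
            "deprecated": True,
            "security": [{"legacyApiKey": []}],
            "responses": {"200": {"description": "ok"}}}},
    },
}
```

The cycle marker matters: a spec with a recursive schema (a patient with a next-of-kin who is also a patient) would otherwise expand forever. The security-scheme check mirrors the spec's precedence rule, where an operation's own `security` list replaces the document-level one rather than merging with it.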

Continuous monitoring and change detection

The Pro tier adds scheduled rescans every 6 hours, daily, weekly, or monthly. It detects diffs between scans, highlighting new findings, resolved items, and score drift. Alerts are rate-limited to one per hour per API and delivered via email. HMAC-SHA256 signed webhooks notify external systems, with auto-disable after 5 consecutive failures to prevent alert storms.

Limitations and complementary practices

middleBrick does not fix, patch, block, or remediate findings. It does not perform active SQL injection or command injection testing, as those require intrusive payloads outside the scanner scope. It does not detect business logic vulnerabilities, blind SSRF, or replace a human pentester for high-stakes audits. The tool surfaces findings relevant to HIPAA-related audit activities, but it does not certify compliance or guarantee adherence to any regulatory framework.

Frequently Asked Questions

Can middleBrick certify HIPAA compliance?
No. The tool detects and reports security-related findings that can support audit evidence; it does not certify compliance.
How does authenticated scanning work?
Provide credentials for Bearer, API key, Basic auth, or Cookie. The system verifies domain ownership before allowing authenticated scans and only forwards a restricted set of headers.
What happens to scan data after account cancellation?
Customer scan data is deletable on demand and purged within 30 days of cancellation. Data is never sold and is not used for model training.
Does the tool test for SQL injection or command injection?
No. Those tests require intrusive payloads and are outside the scanner scope.