πŸ”’ Medical & Dental Practice Compliance Audit

EmailMeNow IT Consulting Β· Based in College Station, Texas
Audit snapshot: July 9, 2026 | Next free refresh: January 5, 2027
Auto-detected profile: Medical & Dental Practice (from domain name). Change industry
Report framed for: Medical & Dental Practice β€” change industry

Threat examples and compliance framing adjust per vertical. Re-scanning onemedical.com preserves your current scores.

Law FirmAuto DealershipCPA & Tax FirmTitle & Real Estate OfficeRIA & Financial AdvisorMedical & Dental Practice βœ“Payroll & HR ProviderLocal Government & School DistrictSmall Business

πŸ“§ Domain Email Security Analyzer

Enter a firm URL, domain, or email address to generate a compliance report.

Free scans refresh every six months. Next free refresh on January 5, 2027. Unlock for immediate access.

Free scan refresh locked

Free scans for this domain refresh every six months. Showing results from July 9, 2026. Next free refresh on January 5, 2027.

Unlock the full report ($99) for immediate re-scan access, detailed threat analysis, and remediation steps.

Domain Security Audit: onemedical.com
71%

Overall Compliance Rating

Executive Summary
High Risk

onemedical.com has gaps that may weaken documentation of reasonable cybersecurity safeguards under SB 2610 & federal cybersecurity frameworks and confidentiality-focused duties such as the HIPAA Security Rule. Prioritize the remediation plan below before relying on this configuration as a defensible posture.

Schedule Remediation
⚠ 1 breach notice on file for this domain β€” most recent 2026-06-19

Sourced from public state AG breach-notification portals and breach aggregators β€” not necessarily the domain audited here if it changed hands. Verify against the source before citing.

60
Identity & Spoofing
40
Transport Security
100
Email Infrastructure
Google Workspace (Custom Domain)
100
Website Security
Stack signal: cloudflare β€” unlock for full sender inventory & header analysis
50
Local Endpoint

πŸ“Š Audit Scoring Methodology

This tool uses a weighted algorithm focused on the HIPAA Security Rule and SB 2610 & federal cybersecurity frameworks:

πŸ” Sample from the full report β€” SPF uses SoftFail (~all) β€” spoofed mail may still be delivered

Without strict DMARC (p=reject) and SPF (-all), attackers can email patients as your practice:

Unlock the full report for every control β€” MTA-STS, TLS-RPT, DNSSEC, HSTS, CSP, clickjacking, CAA, security.txt, and endpoint risk β€” each with named incidents and remediation steps.

πŸ”“ Credential hygiene checklist β€” unlock in full report

The paid report adds a step-by-step playbook: Have I Been Pwned check (when you audit by email), MFA rollout, password-manager guidance (we suggest Proton Pass), and Microsoft 365 / Google Workspace compromised-credential settings β€” plus our breach-monitoring guide if exposure is found.

πŸ”’

Detailed Threat Analysis Locked

Your infrastructure reveals specific vulnerabilities regarding the HIPAA Security Rule. Unlock the full report to access actionable remediation steps, granular DNS data, and the tools below.

What's included in the full report ($99)

Everything below unlocks immediately after checkoutβ€”no separate subscriptions.

  • Executive summary & risk profile Full score breakdown, risk label, and compliance-focused summary for practice leadership.
  • Granular DNS & email security analysis DMARC tag detail (rua/adkim/aspf), SPF authorized-sender inventory, DKIM delegation probes, BIMI, MTA-STS enforce status with MX cross-check, DNSSEC, TLS-RPT destinations, and structured CAA analysis β€” each with real-world incident examples.
  • Website & session security review HSTS, CSP, X-Frame-Options, extended security headers, server stack signals, CMS/AMP fingerprint (paid), security.txt (RFC 9116), and lightweight performance/resilience signals with PageSpeed guidance.
  • Top priority remediation plan Ranked fixes with severity, business impact, and implementation effort for your IT team or vendor.
  • SB 2610 / HIPAA Relevance Map Technical readiness mapping tied to applicable sector frameworksβ€”supporting evidence, not legal advice.
  • Raw technical evidence Full DNS records, website header gaps, and probe details ready to paste into tickets or provider consoles.
  • AI compliance research links One-click Perplexity and Google searches pre-filled with your audit findings for the HIPAA Security Rule.
  • Credential breach & hygiene checklist HIBP one-click check when you audit by email, plus plain-language steps: rotate reused passwords, enable MFA, adopt a password manager (we suggest Proton Pass), enable compromised-credential detection in Microsoft 365 or Google Workspace, and link to our breach-monitoring guide if exposure is found.
  • Typosquatting & lookalike domain check One-click Have I Been Squatted lookup for your audited domain β€” find phishing and impersonation domains that could spoof your brand in BEC and wire-fraud attacks.
  • Mail Authentication Verifier Paste raw email headers and cross-check SPF, DKIM, and DMARC results against live DNS (DMARC, SPF, DKIM selectors, MTA-STS, TLS-RPT, BIMI) for your audited domain.
  • Favicon & Brand Icon Suite (90-day access) Protected link to favicon.emailmenow.com β€” generate favicon.ico, SVG, Apple touch icon, PWA PNGs, and site.webmanifest for browser tabs, mobile home screens, and inbox branding.
  • Three SB 2610 compliance PDF guides Delivered by email: general cybersecurity guide, Safe Harbor overview, and tiered requirements detailed guide.
  • Print-ready report & fulfillment email Browser access via secure checkout link, plus a branded email with your full report and included resources.
πŸ›‘οΈ
Privacy-Focused Processing: Free scan summaries for a domain are cached for up to six months so we can limit automated re-scans. Paid unlocks, nonprofit fulfillment, and admin requests bypass that window. Payment, email delivery, security logs, and request metadata may be processed by Stripe, Resend, and Cloudflare infrastructure.
Related Cybersecurity News β€” Medical & Dental Practice
Apple Patches macOS Tahoe, iOS, and Safari β€” 37 WebKit Fixes, 4 Found by AI
Jul 8, 2026 Β· Apple's June 29, 2026 security updates for iOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 fix 37 unique CVEs β€” mostly WebKit flaws public for weeks. Audits…
Was Lake Region Healthcare Breached? We Scanned Their Domain Security
Jul 7, 2026 Β· Lake Region Healthcare Corporation reported a Texas OAG breach on July 3, 2026 affecting 294 Texans. SSNs and medical records were exposed after May 2025…
Was NLACRC Breached? We Scanned Their Domain Security
Jul 6, 2026 Β· North Los Angeles County Regional Center filed a November 2024 ransomware breach with the California AG on June 30, 2026 β€” a 19-month reporting gap. SSNs,…
See all cybersecurity news β†’
Report prepared by EmailMeNow IT Consulting Β· College Station, Texas Β· (979) 472-3693
emailmenow.com Β· News Β· Articles