Find out what hackers already know about your practice.
Right now, automated scanners are probing your website, email servers, and practice management system — looking for open ports, outdated software, and misconfigured email. Submit your domain and we'll show you exactly what they're seeing. Free. 24 hours.
No credit card. No account. Takes 2 minutes.
Six things we check — that attackers check first
Every item is something a real attacker would look for in the first 10 minutes. If we find it, so can they.
Open ports & exposed services
Every publicly reachable port and service — databases, admin panels, remote-access tools left open to the internet.
TLS/SSL certificates
Expired or misconfigured HTTPS certificates that browsers flag as insecure — and that attackers use as an entry point.
Email security (SPF, DKIM, DMARC)
Whether your domain can be impersonated in phishing emails sent to your patients, clients, or staff.
Known CVEs on public-facing systems
Software versions cross-referenced against the CISA Known Exploited Vulnerabilities catalog — the CVEs attackers are actively using right now.
Exposed login & admin pages
Practice management portals, staff login pages, and control panels visible without authentication.
Leaked credentials
Emails and passwords from your domain found in breach databases — before an attacker uses them to log in.
What you receive — within 24 hours
A plain-English summary of what we found. Readable by the practice owner — not just an IT person.
-
Traffic-light severity rating for each finding (Critical / High / Medium / Low)
-
Plain-language description of what each finding means for your practice
-
One specific remediation step per finding — something your IT provider can act on immediately
-
Indication of whether the finding triggers HIPAA, FTC Safeguards, or state breach-notification obligations
Want a full signed audit report meeting HIPAA risk-analysis and FTC Safeguards documentation requirements? That's CyberAudyt ($900). The PreScan is free and separate — no upgrade pressure.
Example finding — Critical
Exposed admin panel — no authentication required
Your practice management portal login page is publicly reachable and indexed. Brute-force protection is not enabled. An attacker with a credential list can attempt logins without triggering a lockout.
Fix: restrict access to your office IP range; enable account-lockout policy.
No DMARC record — domain can be spoofed
Anyone can send email from @yourpractice.com. Your patients and insurance contacts receive no warning. Common in targeted phishing campaigns against healthcare and accounting offices.
Fix: add a DMARC TXT record — 30-minute task for your DNS or IT provider.
Submit your domain — we'll take it from here
Fill in the form. We scan your public-facing infrastructure, write up what we find in plain English, and send it to you within 24 hours. Nothing to install. No access to your network required.
- 01
Submit the form (2 minutes)
Your name, practice name, email, and domain. That's all we need to start.
- 02
We run the scan (24 hours)
External only — we work from the outside exactly as an attacker would. Your systems stay untouched.
- 03
You receive the findings
Plain-language summary delivered by email. If something is critical, we'll call it out clearly with a specific fix.
Questions before submitting? contact@cybercerber.com — we typically reply within a few hours.
Request received!
We'll run your PreScan and send you the findings within 24 hours.
Something went wrong
Please try again or email us at contact@cybercerber.com.
Common questions
Is this really free?
Yes, completely. The PreScan takes us about 30 minutes to run and we send you the summary report at no charge. If the findings are serious and you want a full CyberAudyt ($900), we'll send a proposal — entirely your decision. No sales calls, no follow-up pressure.
Do you need access to my systems or network?
No. The PreScan is 100% external — exactly what an attacker sees from the internet. We need only your domain name. No credentials, no VPN access, no agents installed on your machines. Your operations continue uninterrupted.
What if you find something serious?
You'll know exactly what it is, what risk it creates, and what to do about it. The report uses plain English — no jargon. Critical findings include a specific remediation step your IT provider can act on the same day.
How is this different from a full CyberAudyt?
The PreScan is a free surface-level check: open ports, certificate health, email security config, known CVEs, exposed login pages, and breach-database matches. The CyberAudyt ($900) adds manual verification of every finding, full OWASP Top 10 web-app testing, and a signed PDF report that meets HIPAA and FTC Safeguards documentation requirements.