(929) 590-5818 [email protected]
en
en

DAVINTOO: LMS Audit for HIPAA Compliance

Client:
DAVINTOO UKRAINE LLC — a developer of e-learning and analytics software
Industry:
Healthcare
Focus:
Ensuring the security of the LMS Collaborator platform for HIPAA compliance
 
Main challenge:
Identifying critical vulnerabilities in web applications and server infrastructure to prevent leaks of medical and personal data
Market:
International
Services provided:
Gray-box pentesting of web platform, containers, and network
Key Takeaways
  • Strengthened protection of medical PII across LMS modules
  • Ensured HIPAA alignment via full-scope gray-box pentest
  • Increased the platform’s resilience to cyberattacks by 95%
  • Identified 15 vulnerabilities, including 5 critical issues
  • Completed a full security audit and gray-box penetration test of LMS Collaborator
    • 15
    vulnerabilities identified
    95%
    increase in attack resilience
    100%
    compliance with HIPAA requirements
    DAVINTOO: LMS Audit for HIPAA Compliance
    Apr 4, 2025
    14 min
    DAVINTOO UKRAINE LLC was preparing for HIPAA certification and requested a security testing of its LMS platform, which handles sensitive data. Datami performed a full security audit and gray-box penetration test. As a result, after addressing the identified vulnerabilities, LMS Collaborator now fully meets security requirements.

    DAVINTOO UKRAINE LLC  is an international IT company specializing in software solutions for the e-learning sector. Its flagship product, LMS Collaborator, is a web-based platform for learning, communication, and analytics, used daily by over 5,000 users.

    Given that DAVINTOO handles both personal and medical data, HIPAA compliance is critical to ensuring the security of its digital products.

    Objectives and challenges
    DAVINTOO UKRAINE LLC initiated a comprehensive security testing of its LMS Collaborator platform as part of its preparation for HIPAA certification. The primary challenge lay in identifying potential vulnerabilities within the web platform, its applications, and the underlying server infrastructure.
    The project aimed to ensure compliance with international security standards and to reduce the risk of data breaches.
     
    • Conduct a penetration test and security audit of the web platform, servers, and web applications.
    • Deliver a comprehensive report with recommendations following HIPAA standards.
    • Complete the assessment with maximum accuracy within the defined 4-week timeline.
    icon
    Pentest and security audit
    Gray-box testing of LMS, servers and web applications for vulnerabilities
    icon
    Vulnerability detection
    Threat detection, security enhancement, and risk minimization
    icon
    Report preparation
    Report preparation with recommendations for HIPAA certification
    Datami Methodology: Security Testing for DAVINTOO UKRAINE LLC
    Our approach

    Datami conducted a comprehensive security audit of the internal infrastructure of DAVINTOO UKRAINE LLC, covering the web platform, servers, and applications.

    Regular communication with the client — including weekly status meetings and interim reports — ensured effective task management and rapid incident response.

    To assess risks and identify vulnerabilities, we applied a gray-box approach, conducting tests with partial access to the client's technical documentation.

    We combined manual analysis techniques with automated scanning tools, utilizing Metasploit and Paros Proxy.

     

    Gray-box
    Gray-box
    The team had limited access to internal information — this approach allowed us to effectively combine an external perspective with an internal system analysis.
     
    Key project stages and solutions

    During the project, the Datami team carried out a highly accurate, full-scale security assessment of the LMS Collaborator web platform, servers, and applications. A gray-box approach was chosen for the penetration test, combining both automated and manual testing methods.

    The team made strategic decisions to enhance access control and strengthen the security of web applications.

    Key project stages:

     

    • Preparation
      Review of technical documentation, agreement on the approach, and identification of critical assets for testing.
    • Testing
      Execution of gray-box penetration testing using Metasploit, Paros Proxy, and manual auditing to identify vulnerabilities.
    • Analysis and Reporting
      In-depth analysis of identified risks, and preparation of a report with recommendations for risk mitigation and HIPAA compliance.
    Cybersecurity starts with action
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations
    Results and recommendations

    At the start of the project, LMS Collaborator was assessed as having a high-risk level due to vulnerabilities in web applications and potential data leaks, posing a threat to HIPAA compliance.

    During the penetration test, the Datami team identified 15 vulnerabilities, 5 of which were critical. Some of these could have been exploited to gain unauthorized access to user accounts or extract sensitive information.

    The client received the following recommendations:

    1. regular security testing and updates;
    2. strengthening access control;
    3. cyber hygiene training for staff.

    After implementing the recommended measures, LMS Collaborator achieved full HIPAA compliance, and its overall security level significantly improved. Two-factor authentication and regular security updates were introduced. All critical vulnerabilities were eliminated within 24 hours of reporting, preventing data breaches, penalties, and reputational damage.

    The project was completed in 4 weeks, outperforming the industry average of 6 weeks.

    Our certificates
    Key project outcomes

    DAVINTOO UKRAINE LLC successfully enhanced the cybersecurity resilience of LMS Collaborator and achieved full HIPAA compliance. The company gained a clear understanding of its threat landscape, a thorough technical audit, and actionable recommendations for strengthening its security systems. All project objectives were met within the planned timeframe.

    This case study demonstrates that security testing and compliance are not just formalities, but essential safeguards against real-world threats and reputational damage.

     

    Aspect
    Before the project
    After implementation
    Security status
    High risk due to critical vulnerabilities
    HIPAA compliance achieved, risks reduced, regular updates implemented
    Critical vulnerabilities
    Potential data leaks and unauthorized access
    5 critical vulnerabilities resolved within 24 hours
    Account compromise risk
    Unreliable authentication
    Two-factor authentication (2FA) and enhanced access control implemented
    Security compliance
    Partial HIPAA compliance
    Full readiness for certification
    Timeline
    Industry standard: 6 weeks
    Completed in 4 weeks
    More success stories with Datami
    Browse other project case studies
    Preparing a smart contract for release on Web3

    Preparing a smart contract for release on Web3

    • The code was prepared for certification.
    • The project was secured against 99% of known threats.
    Services:
    Smart contract audit (White-box source code review)
    Sep 16, 2025
    Web3 Project Random Walk: Smart Contract Audit

    Web3 Project Random Walk: Smart Contract Audit

    • Secure launch on Polygon mainnet ensured within 5 days
    • Risk level reduced from medium to minimal
    Services:
    Smart contract audit (White-Box source code analysis)
    Sep 2, 2025
    Smart Contract Audit of a Web3 Company

    Smart Contract Audit of a Web3 Company

    • The product was prepared for a secure market launch.
    • The risk was reduced from high to minimal.
    Services:
    Smart contract audit (White-box source code analysis)
    Aug 20, 2025
    Back to all cases
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    Web Applications Penetration Testing: A Pentest Guide Oleksandr Filipov: Security engineer at Datami, author of articles
    Oleksandr Filipov: Security engineer at Datami, author of articles

    Web Applications Penetration Testing: A Pentest Guide

    Web applications are targeted by attacks every day - from simple scanners to deliberate breaches. To understand how vulnerable a web application is and how to protect it from hackers’ actions, a special assessment is conducted - penetration testing (pente

    Oct 1, 2025
    Microsoft enables email bombing protection Datami Newsroom
    Datami Newsroom

    Microsoft enables email bombing protection

    Microsoft announced a new update to Defender for Office 365 that automatically detects and blocks email bombing attacks. The rollout started in June, and most users will receive the feature by mid-July 2025.

    Sep 12, 2025 3 min
    Cloudflare Repelled a Record DDoS Attack of 11.5 Tbit/s Datami Newsroom
    Datami Newsroom

    Cloudflare Repelled a Record DDoS Attack of 11.5 Tbit/s

    Cloudflare reported that it stopped the most powerful UDP flood DDoS attack aimed at exhausting system resources. In 35 seconds, the attackers flooded the company with traffic at 11.5 Tbit/s.

    Sep 5, 2025 2 min
    Show all articles
    Order a free consultation
    By submitting this form, I confirm that I have read and agree to the Privacy policy
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy