DAVINTOO UKRAINE LLC is an international IT company specializing in software solutions for the e-learning sector. Its flagship product, LMS Collaborator, is a web-based platform for learning, communication, and analytics, used daily by over 5,000 users.
Given that DAVINTOO handles both personal and medical data, HIPAA compliance is critical to ensuring the security of its digital products.
Datami conducted a comprehensive security audit of the internal infrastructure of DAVINTOO UKRAINE LLC, covering the web platform, servers, and applications.
Regular communication with the client — including weekly status meetings and interim reports — ensured effective task management and rapid incident response.
To assess risks and identify vulnerabilities, we applied a gray-box approach, conducting tests with partial access to the client's technical documentation.
We combined manual analysis techniques with automated scanning tools, utilizing Metasploit and Paros Proxy.
During the project, the Datami team carried out a highly accurate, full-scale security assessment of the LMS Collaborator web platform, servers, and applications. A gray-box approach was chosen for the penetration test, combining both automated and manual testing methods.
The team made strategic decisions to enhance access control and strengthen the security of web applications.
Key project stages:
At the start of the project, LMS Collaborator was assessed as having a high-risk level due to vulnerabilities in web applications and potential data leaks, posing a threat to HIPAA compliance.
During the penetration test, the Datami team identified 15 vulnerabilities, 5 of which were critical. Some of these could have been exploited to gain unauthorized access to user accounts or extract sensitive information.
The client received the following recommendations:
After implementing the recommended measures, LMS Collaborator achieved full HIPAA compliance, and its overall security level significantly improved. Two-factor authentication and regular security updates were introduced. All critical vulnerabilities were eliminated within 24 hours of reporting, preventing data breaches, penalties, and reputational damage.
The project was completed in 4 weeks, outperforming the industry average of 6 weeks.
DAVINTOO UKRAINE LLC successfully enhanced the cybersecurity resilience of LMS Collaborator and achieved full HIPAA compliance. The company gained a clear understanding of its threat landscape, a thorough technical audit, and actionable recommendations for strengthening its security systems. All project objectives were met within the planned timeframe.
This case study demonstrates that security testing and compliance are not just formalities, but essential safeguards against real-world threats and reputational damage.