I can't even imagine a healthcare company acceding to a proactive pentest. Even if it was compared to a vaccination or a routine health check, they still wouldn't do it. The gaping holes in security that would be uncovered. Unreal. No way in hipaa hell. lolwut, find problems that exist in our current system? Our system is fine. It's not broken, so don't break it.