Are any MedSecure applications storing passwords in plaintext or with weak hashing? Legacy healthcare applications, custom in-house tools, and vendor systems should all be audited.