Sometimes we have assessments which we are simply excited to perform. In this case, a 30+ clinic healthcare organization engaged FalconOps to perform a penetration test. Performing these types of assessments is crucial not only to the organization, but also to the thousands of individuals whose PHI it holds.
This assessment was a bit different than what we normally perform, since they fully blocked any external traffic from systems that were not already on their network. We took steps to confirm this and validated that it was correct. However, having well-fortified castle walls is not the only thing that is necessary. We want to make it as difficult as possible for an attacker to move laterally in the network.
Thank you very much for completing this review so quickly and providing a very comprehensive review of findings. I am very happy with these results.
As time was of the essence due to the potentially sensitive PHI data they housed, our team performed a sub-two-week turnaround for their fairly large environment.
Our assessment team is trained to "think and act like criminals" - meaning we consciously put ourselves in the position of saying, "how can we use a given vulnerability to gain further access to systems and data?" This mindset is hard to fully achieve and takes substantial effort on the assessor's end to identify all possible methods of use for any given vulnerability.
In the case of this assessment, we were able to identify, validate, and provide high severity findings to ensure that any attacker would have a difficult time moving laterally in the network to find sensitive data.
Below are our suggestions for healthcare organizations to drastically reduce the likelihood of a successful cyber attack.
While there are plenty of other suggestions, we believe these will give you the biggest "bang-for-your-buck".
Our team is composed of former NSA analysts and operators. We have the know-how and will ensure the best price compared to other comparable organizations. Why? Because we care about traditionally under-supported organizations more than our bottom dollar.