Overview

Sometimes we have assessments which we are simply excited to perform. In this case, a 30+ clinic healthcare organization engaged FalconOps to perform a penetration test. Performing these types of assessments is crucial not only to the organization, but also to the PHI data of thousands of individuals.

Lock down, but not out

This assessment was a bit different from what we normally perform, since they fully blocked any external traffic from systems that were not already on their network. We took steps to confirm this and validated that it was correct. However, well-fortified castle walls are not the only thing that is necessary. We want to make it as difficult as possible for an attacker to move laterally in the network.

Thank you very much for completing this review so quickly and providing a very comprehensive review of findings. I am very happy with these results.

As time was of the essence due to the potentially sensitive PHI data they housed, our team performed a sub-two-week turnaround for their fairly large environment.

Think like an attacker

Our assessment team is trained to "think and act like criminals" - meaning we consciously put ourselves in the position of asking, "how can we use a given vulnerability to gain further access to systems and data?" This mindset is hard to fully achieve and takes substantial effort on the assessor's end to identify all possible methods of use for any given vulnerability.

In the case of this assessment, we were able to identify, validate, and provide high-severity findings to ensure that any attacker would have a difficult time moving laterally in the network to find sensitive data.

Our Cybersecurity Suggestions for Healthcare Organizations

Below are our suggestions for healthcare organizations to drastically reduce the likelihood of a successful cyber attack.

  • Penetration Testing at least once a year for both external and internal systems.
  • Multi-Factor Authentication to access network resources and sensitive patient information (patient portals, provider systems, etc.)
  • Managed Detection and Response on all systems accessing patient data (we offer this as a service starting at $15 per system, per month, with no minimum system count)
  • Phishing & Security Awareness training

While there are plenty of other suggestions, we believe these will give you the biggest "bang-for-your-buck".

Ready to Start? Contact Us!

Our team is composed of former NSA analysts and operators. We have the know-how and will ensure the best price compared to other comparable organizations. Why? Because we care about traditionally under-supported organizations more than our bottom dollar.
