contact@scnsoft.com en flag +1 214 306 68 37
en flag +1 214 306 68 37
Contact us
Network Pentesting of 2,000 IPs for a HIPAA-Compliant Healthcare IT Company

Network Pentesting of 2,000 IPs for a HIPAA-Compliant Healthcare IT Company

Industry
Healthcare, Software products

Customer

The Customer is one of the leading US healthcare IT companies. They provide cloud-based EHR and telehealth solutions to medical professionals across the globe.

Challenge

The Customer puts great efforts into preventing HIPAA compliance breaches and service downtimes that can be caused by cyberattacks. As one of the key steps in their security management plan, the Customer undergoes quarterly security testing of their network. Satisfied with previous security testing services provided by ScienceSoft, the Customer reached out to ScienceSoft’s team again to perform network penetration testing.

Solution

To simulate real-life cyberattacks, ScienceSoft opted for black box penetration testing. The testing engineers assigned to the project had no prior knowledge of the Customer’s network.

ScienceSoft’s security team conducted pentests targeting ~2000 IPs, and evaluated the overall network security level as medium. Due to the Customer’s consistent and efficient vulnerability management, their network was free of severe vulnerabilities. However, the testers still detected a few security issues that required fixing to ensure top-level protection of the IT network: a load balancer disclosing IP information, an insecure SSL encryption, outdated TLS in use.

ScienceSoft’s security experts provided the Customer with a detailed guidance on network vulnerability remediation. The corrective measures included:

  • Encrypting cookies that disclosed confidential information about the internal infrastructure.
  • Disabling weak hashing algorithms of a SSL certificate.
  • Using the latest TLS version.
  • Disabling unused public ports to reduce the network attack surface.

ScienceSoft’s security testing team used the NIST 800-115 methodology and classified detected vulnerabilities according to the NIST CVSS. The whole penetration testing project took 24 days from planning and execution to analyzing the results and reporting.

Results

The Customer received a comprehensive report on the performed penetration testing activities and their results, including a remediation plan for the revealed security issues. The Customer’s security team was able to fix the found vulnerabilities in time and achieve a high level of network security.

Technologies and Tools

Nessus, Burp Suite, Nmap, SSLScan, sqlmap, cURL, dirb, Wireshark. Custom scripts (Python, PHP, JavaScript and Perl-scripts for the exploitation of vulnerabilities).

Have a question to our team or need help with your project?

Our team is ready to provide client references, estimate your project, or answer any other question related to your IT initiative.

Upload file

Drag and drop or to upload your file(s)

?

Max file size 10MB, up to 5 files and 20MB total

Supported formats:

doc, docx, xls, xlsx, ppt, pptx, pps, ppsx, odp, jpeg, jpg, png, psd, webp, svg, mp3, mp4, webm, odt, ods, pdf, rtf, txt, csv, log

Get in touch instantly

Call us Live chat WhatsApp Email us

More Case Studies

Share:

facebook twitter linkedin