Thumbnail image
October 9, 2022
Vulnerability assessment for a large distributed healthcare provider
A healthcare provider experienced an alarming increase in incidents and due to the fragmented nature of their environment had no clear view of their attack surface. An external vulnerability assessment was carried out with manual validation of critical findings. 


During a consultation with a client operating in the healthcare sector, a wider need for an assessment of their public facing infrastructure was identified. They had been facing an alarming increase in incidents and due to the fragmented nature of their environment had no clear view of their attack surface. To help ensure the security of patient data, the client engaged in a programme of work to assess their networks, this was to be carried out in the form of an external vulnerability assessment, with manual validation of any critical findings.


The client has over 200 sites, with many more satellite facilities capable of accessing the corporate network and as a result potentially sensitive data, all these sites fell within the scope of the engagement. 

As each site was managed locally there was no coordinated deployment of technologies or policy across them, leading to difficulty identifying all assets that fell into scope. Reporting and coordination of any remediation efforts needed also to be handled by each site individually.


In an effort to identify all the external infrastructure, and help the client locate any assets they may have been unaware of, a platform was developed that leveraged several open-source tools and information repositories to build a detailed view of the target domain.

Once all assets were identified and the vulnerability assessment could take place the team discovered the following key issues:

  • LDAP vulnerabilities that enabled the team to collect all user accounts.
  • Misconfiguration of workstations that, when paired with the LDAP vulnerabilities, allowed administrator control over almost every workstation.
  • Public access to an office printer, allowing access to the sensitive information being printed and copied.
  • Weak firewall configuration that allowed remote connections to internal machines.
  • Out of date antivirus and a lack of defence in depth, which together could allow covert installation of malicious software and backdoors.

The client was extremely pleased with the results of the engagement, and requested that the team assist with the creation of a centralised function to both manage the remediation efforts, and the security of all sites in the future. 

As a result, all critical findings were closed out quickly and efficiently to immediately reduce the risk to the client. At the same time a larger project was started to address all other flaws identified. 

If you have any questions about this case study, please contact our offensive security team.

Sign up to our newsletter to receive the latest updates