During a consultation with a client operating in the healthcare sector, a wider need for an assessment of their public-facing infrastructure was identified. They had been facing an alarming increase in incidents and, due to the fragmented nature of their environment, had no clear view of their attack surface. To help ensure the security of patient data, the client engaged in a programme of work to assess their networks. This was to be carried out in the form of an external vulnerability assessment, with manual validation of any critical findings.
The client has over 200 sites, with many more satellite facilities capable of accessing the corporate network and, as a result, potentially sensitive data. All of these sites fell within the scope of the engagement.
As each site was managed locally, there was no coordinated deployment of technologies or policy across them, which made it difficult to identify all assets that fell into scope. Reporting and coordination of any remediation efforts also needed to be handled by each site individually.
In an effort to identify all the external infrastructure, and help the client locate any assets they may have been unaware of, a platform was developed that leveraged several open-source tools and information repositories to build a detailed view of the target domain.
Once all assets were identified and the vulnerability assessment could take place, the team discovered the following key issues:
The client was extremely pleased with the results of the engagement and requested that the team assist with the creation of a centralised function to manage both the remediation efforts and the security of all sites in the future.
As a result, all critical findings were closed out quickly and efficiently to immediately reduce the risk to the client. At the same time a larger project was started to address all other flaws identified.
If you have any questions about this case study, please contact our offensive security team.