Skip links

Medical Safety Network

Proyecto

Auditorías Gubernamentales

Implantación exitosa del software para la gestión del proceso de Auditorías Internas, utilizando AUDITA y AUDITA2.  El software se adaptó a la dinámica y metodología de la Administración.

How they overcame security breaches and strengthened protection through vulnerability scanning.

Industry

Healthcare

Project

Penetration testing

Client

Prestigious healthcare provider, a pioneer established on the American continent with a history of more than 160 years, offering comprehensive health coverage to its more than 190,000 members.

Problem

In an increasingly digitized world, cyber threats have become a constant concern for organizations. Our company, which specializes in providing vulnerability scanning and penetration testing services, encountered a client facing significant security issues within their network.

This healthcare provider had no experience in conducting vulnerability scans or security analyses for their internal or external infrastructure.

Furthermore, the client had experienced some security breaches that compromised the integrity of their technological infrastructure. These breaches exposed confidential customer data, raising major concerns in terms of legal liability and reputation loss.

Their concern was: How secure or insecure are we? How can we find out?

Solution

Datasec, in collaboration with the client’s IT team, proposed a solution to address the challenges by starting with periodic scans to identify potential security breaches. We began by conducting a comprehensive analysis of their network infrastructure, applying advanced vulnerability scanning techniques, and evaluating their exposure to potential attacks.

A pentest was carried out on the organization’s external infrastructure and app reviews, elements that are accessible to anyone on the internet.

Naturally, numerous vulnerabilities with varying degrees of severity were identified, leading to the question of how to manage that volume of findings and how to resolve them.

These aspects go beyond the technical scope of systems and involve management: defining a findings resolution policy based on certain criteria (prioritizing by severity or exploitability level, etc.); communications with developers and/or suppliers; regular meetings to track progress and coordinate re-testing to verify that solutions have been properly implemented.

Impact

Currently, we continue to work with this client, assisting them in achieving a higher level of maturity in the management of their assets and security. We understand that organizations are pulled by various forces, among which the concern for their own security and that of their clients is paramount.