Securing Healthcare SaaS Provider

Case Study: Mid-Sized Healthcare SaaS Provider - Gaining Visibility into Internal

Client Profile

A fast-growing SaaS company in the healthcare technology space, serving over 200 hospitals and clinics across Australia with electronic health record (EHR) and telehealth platforms.

Challenge

With rapid growth and recent onboarding of enterprise clients, the organization needed to evaluate its internal security posture, including workstation configurations, employee access controls, and lateral movement potential.

Cressel's Approach

A tailored internal penetration testing engagement was launched, simulating a compromised employee endpoint. The assessment focused on Active Directory security, internal privilege escalation paths, and data exfiltration simulations.

Key Findings

Cressel's team identified multiple areas where default configurations, weak service accounts, and lack of segmentation could be exploited. A particularly critical finding involved access to sensitive patient data that could be reached through poorly secured service integrations.

Impact and Outcome

Cressel provided a prioritized roadmap for fixing identified issues and conducted executive briefings to explain business risks in plain terms. Follow-up assessments confirmed that risk exposure had significantly decreased.

Results

Reduced internal attack surface by over 70%

Enabled compliance readiness for ISO 27001 and HIPAA

Increased board-level visibility into cybersecurity risks