15 critical security flaws in the well-known US healthcare website were found by VSEC.


Applying VSEC’s Pentest service to a well-known American healthcare website uncovered 4 critical vulnerabilities, 3 serious breaches, and 8 possible flaws. Experts from VSEC quickly addressed all of these issues in the following two weeks, allowing businesses to move forward without worry….

Last June, VSEC was contacted from the city of Washington, USA. A company requested that we investigate the safety of their website (their primary point of contact with customers) to ensure the complete safety of all data and assess any potential threats. VSEC promptly began developing the client’s system after evaluating their website!

About customers

Our clients are professionals in the medical industry who deliver cutting-edge, practical, and patient-centered healthcare solutions. They have demonstrated, from a new angle, that the health care industry must consider not just external health issues and hazardous substances, but also internal elements and potentials. This has left a lasting impression on many people and has contributed to the rapid expansion of our clients’ businesses. The customer’s annual sales have surpassed $17 million, and they have earned numerous honors for their success, including being named one of Inc. magazine’s Top 500 Outstanding Development Enterprises in 2016 and one of Seattle Business Magazine’s Top 100 Best Businesses to Work for in 2014–2016.

Challenge

After ten years in business, the client has amassed a vast quantity of data on its servers. For a company that relies heavily on technological resources, this data is its most valuable asset. The publicly available website serves as the main entry point to the data warehouse, so the security measures the customer takes to protect the website determine whether or not the data remains secure.

To come up with each plan, program, and suitable form of health care, the client needs to research the organization, the needs and goals of many people, and the specific area of health care they need help with. While this is great for customers, it also means that cybercriminals have more opportunities to steal sensitive information. To prevent the misuse of the customer’s resources and the disclosure of sensitive information, it is imperative that the website’s security be verified.

The customer is a small to medium-sized business, so it has few available employees and no IT security experts. The client saw the value of VSEC’s Pentest penetration testing service and contacted the company after searching for it online. Many strict regulations, such as BASEL, PCI/DSS (Payment Card Industry Data Security Standard), and others, have been enacted by the host country’s state-owned bank to protect information security. Each member of the technical team carries out numerous tasks. Information security evaluation and testing is typically outside of their capabilities because of the sheer diversity and volume involved. Banks need to ensure they are in compliance with the ever-changing set of regulations that govern their industry.

Solution

VSEC validated access through three portals: the primary website account login page, the user management center login page, and the support partner website login page. To evaluate the security of the customer’s systems from the outside, without any prior knowledge of the system, VSEC employs the Black Box method of Pentest through these three portals. Specifically, VSEC professionals take on the role of attackers, mimicking actual attack methods in an effort to locate vulnerabilities in websites. After two weeks of testing, specialists identified fifteen separate flaws. After the service is complete, VSEC generates a report and hands off implementation to the client, along with suggestions for corrective and preventative measures.

Benefits of the service

Pentest is known to have a lot of benefits. One of them is rapid rollout with little information collected from end users. It also helps reduce the overall cost of security and the time needed to patch security vulnerabilities in data systems. These factors have motivated customers to learn more about VSEC and its services. After experiencing its benefits firsthand, customers are ecstatic, praising Pentest for its ability to cut down on investment costs in the system, protect against most vulnerabilities, lessen the severity of any damage that does occur, and create a more streamlined workflow.