About Greene County General Hospital
"vPenTest is incredibly reliable and effective. Previously, we paid around $7K for a one-time manual network pentest just for our hospital. Now, for the same price, we can run penetration tests across our entire network, including all clinics, twice a year."
The Challenge
In healthcare, maintaining a secure network is as crucial as ensuring accurate patient diagnoses. Greene County General Hospital, along with its two sister clinics, relies on a lean internal IT team to meet HIPAA requirements, provide IT support, and safeguard their network from cyber threats. Here are the main IT challenges highlighted by the hospital's Director of IT:
- Finding a Reliable and Cost-Effective Solution: Securing a network penetration testing service that is both affordable and compliant with HIPAA regulations.
- Overcoming Infrequent Manual Testing: Addressing the limitations posed by infrequent and manual network penetration testing performed by external providers.
- Ensuring Comprehensive Coverage: Implementing consistent and thorough network penetration testing across all facilities, not just the main hospital.
- Identifying and Mitigating Vulnerabilities Promptly: Quickly detecting and addressing critical vulnerabilities to safeguard patient data and network security.
"We previously had free pentesting from an external organization, but the brief on-site visits often included irrelevant findings and were conducted only once a year, which was insufficient," the Director of IT explained.
The Solution
Greene County General Hospital turned to Vonahi's automated network penetration testing solution, vPenTest, to tackle these challenges. This solution enabled the hospital to perform frequent and thorough pentesting across all facilities, not just the main hospital. Key benefits included:
- Increased Frequency and Scope: "With your product, we can run a network pentest once a month and have up-to-date results. Our team is now able to fix security issues a lot quicker than we were before," the Director of IT noted, ensuring the hospital stays ahead of potential threats.
- Detailed Reporting: vPenTest provided detailed, easy-to-understand reports that communicated vulnerabilities and remediation steps to stakeholders. " The PDF reports are awesome and the recommended remediation steps are helpful and easy to follow, telling us exactly how to fix the issues," said the Director of IT.
- User-Friendly Interface: The simplicity and efficiency of vPenTest made it more accessible for the IT team to manage and deploy.
The Results
Implementing vPenTest significantly improved Greene County General Hospital’s cybersecurity. Key outcomes included:
- Detection of Unknown Vulnerabilities: Monthly pentesting revealed critical vulnerabilities that were previously undetected or missed. "We discovered that one of our firewalls had telnet still turned on from the initial setup, and a controller on our ubiquity access point had a major vulnerability," said the Director of IT.
- Improved Efficiency: The hospital now conducts segmented network pentests monthly, allowing timely issue resolution before the next pentest, making the process more manageable and a vast improvement over their previous one-time manual approach.
- Cost-Effectiveness: While cost-neutral compared to the previous manual pentest, vPenTest offers significantly enhanced value through more frequent and thorough assessments.
- Justification for Hardware Upgrades: Actionable insights from the pentest provided leverage to justify purchasing newer, more secure hardware. "We used the pentest results to justify buying up-to-date switches and access points without any pushback," the Director of IT added.
Greene County General Hospital’s adoption of automated network penetration testing has been a game-changer in fortifying its cybersecurity defenses. The hospital can now proactively identify and mitigate vulnerabilities, ensuring a safer environment for patient data and overall operations.
