Download PDF
Rapid7 > Case Studies > Essentia Health Reduces Risk with Nexpose and Metasploit
Rapid7 Logo

Essentia Health Reduces Risk with Nexpose and Metasploit

Technology Category
  • Cybersecurity & Privacy - Network Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Healthcare & Hospitals
Applicable Functions
  • Business Operation
  • Facility Management
Use Cases
  • Intrusion Detection Systems
  • Regulatory Compliance Monitoring
  • Remote Asset Management
Services
  • System Integration
  • Testing & Certification
The Challenge
Securing the Essentia Health network is a complex task due to its multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The network includes fifty thousand IPs, from facilities to medical device equipment. The security team must locate and resolve high-risk vulnerabilities to safeguard patient data and other critical information. Compliance with HIPAA, HITECH, and PCI DSS adds another layer of complexity. Despite compliance, security holes such as weak credentials and improper patches were prevalent. The team needed a solution to perform thorough testing against all active systems and demonstrate risk to secure necessary resources for a vulnerability management program.
About The Customer
Essentia Health is a multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The organization includes a network of fifty thousand IPs, encompassing facilities and medical device equipment. Essentia Health is committed to safeguarding patient data and other critical information, ensuring compliance with industry standards such as HIPAA, HITECH, and PCI DSS. The security team at Essentia Health is dedicated to proactively scanning and addressing vulnerabilities to prevent potential exploitation by malicious attackers. The organization also maintains a steady cadence of medical record rollouts and acquisitions, necessitating robust security measures.
The Solution
Essentia Health's security team evaluated various Gartner market leaders and narrowed the options to Tenable, Core Security, and Rapid7. After an in-depth vendor evaluation, Rapid7 emerged as the standout, leading to the adoption of Rapid7 Nexpose Enterprise and Rapid7 Metasploit Pro. These tools enabled the team to validate risk and remediation effectively. The acquisition process became smoother, allowing the team to proactively identify and address potential issues before merging systems. The team gained detailed insights into medical device vulnerabilities and worked with manufacturers to find solutions. The ability to prioritize vulnerability reporting to the IT team improved efficiency, and cross-team collaboration increased with the deployment of Nexpose and Metasploit.
Operational Impact
  • The acquisition process is now much smoother from a network integration point of view, allowing the team to proactively identify and address potential issues before merging systems.
  • The team gained detailed insights into the risks associated with medical devices and took necessary actions, working with manufacturers to find solutions.
  • The ability to prioritize vulnerability reporting to the IT team improved efficiency, reducing the need for extensive reports on every system.
Quantitative Benefit
  • 98.5% reduction in risk exposure after 8 months of using Metasploit and Nexpose.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.