Download PDF
Rapid7 > Case Studies > Managed Care Systems Inc. Leverages Rapid7 Pen Testing to Evaluate User Roles and Privileges
Rapid7 Logo

Managed Care Systems Inc. Leverages Rapid7 Pen Testing to Evaluate User Roles and Privileges

Technology Category
  • Cybersecurity & Privacy - Security Compliance
  • Cybersecurity & Privacy - Application Security
Applicable Industries
  • Healthcare & Hospitals
Applicable Functions
  • Business Operation
Services
  • Cybersecurity Services
  • System Integration
The Challenge
MCSI wanted to test the ability of their back end, role-based access controls to curb attempts to elevate privileges. They needed an official way to inform clients and regulators on the security and integrity of their systems, while also satisfying HIPAA standards with a third-party evaluation.
About The Customer
Managed Care Systems Inc. (MCSI) is a small business with 15 employees that plays a vital role in the United States’ healthcare sector. For over 20 years, MCSI has been providing industry-leading automated health claim software designed to put the management and implementation of business processes into the hands of expert end users. MCSI’s flagship Visova offering automates claims processing, enrollment, cost containment, and other benefit management procedures for some of the largest claims handling organizations in the country.
The Solution
The Rapid7 team guided MCSI through recommendations and functional areas to focus on for a role-based pen test. Rapid7 provided a list of requirements explaining where new users needed to be created, as well as detailed information at the beginning and end of each working day to ensure MCSI was fully briefed and up-to-date on the pen testing progress. The resulting pen test report highlighted actionable items for MCSI, providing a granular level of detail into resolutions, further resources, discussion points, and advice to help them prioritize that list.
Operational Impact
  • MCSI was able to leverage Rapid7’s highly actionable and specific report to create internal tickets that resulted in quick vulnerability resolution.
  • The communication between MCSI and Rapid7 ensured that if an issue did occur, the MCSI team could quickly assess and determine if it was the result of the pen testing or some other activity.
  • Rapid7's cautionary notes minimized any unwanted surprises during the process and reassured MCSI of their choice.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.