Case Studies · Healthcare · Anonymized
Regional Healthcare: 142 Endpoints, 3 Critical Findings, Zero Downtime
Situation
A regional healthcare organization with 142 endpoints was preparing for a HIPAA review. Their cyber insurer flagged a coverage gap after a questionnaire revealed incomplete MFA coverage and unknown external exposure. Internal IT was lean — one senior admin and an MSP handling day-to-day operations.
Engagement
Blackbox conducted a Security Reality Check covering the external attack surface, the identity layer, and high-value internal systems. Scope included 3 public IPs, the M365 tenant, and the AD environment. CEO Alexander Morrow led scoping, validation, and the executive debrief.
- Critical: exposed RDP on edge firewall (1 host)
- High: 4 stale enabled domain admin accounts; M365 legacy auth still permitted
- Medium: unpatched SMBv1 on file server; additional identity hygiene gaps
Outcome
The client closed 100% of Critical and High findings within 27 days using Blackbox's prioritized roadmap. Zero unplanned downtime during remediation. They subsequently scoped an internal penetration test to validate fixes, then onboarded BlackboxEDR for ongoing defense.
"Blackbox didn't just find vulnerabilities — they showed us exactly how an attacker would exploit them. The debrief alone was worth the engagement."
— IT Director, regional healthcare organization (identity withheld per NDA)
Similar situation?
Start with a Security Reality Check — faster and lower-cost than a full pen test, with a board-ready roadmap.