Rapid7 Case Studies Essentia Health Reduces Risk with Nexpose and Metasploit

Edit This Case Study Record

	Essentia Health Reduces Risk with Nexpose and Metasploit Rapid7

Essentia Health Reduces Risk with Nexpose and Metasploit

Rapid7

Technology Category	Cybersecurity & Privacy - Network Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Healthcare & Hospitals
Applicable Functions	Business Operation Facility Management
Use Cases	Intrusion Detection Systems Regulatory Compliance Monitoring Remote Asset Management
Services	System Integration Testing & Certification
Challenge	Securing the Essentia Health network is a complex task due to its multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The network includes fifty thousand IPs, from facilities to medical device equipment. The security team must locate and resolve high-risk vulnerabilities to safeguard patient data and other critical information. Compliance with HIPAA, HITECH, and PCI DSS adds another layer of complexity. Despite compliance, security holes such as weak credentials and improper patches were prevalent. The team needed a solution to perform thorough testing against all active systems and demonstrate risk to secure necessary resources for a vulnerability management program. Read More
About Customer	Essentia Health is a multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The organization includes a network of fifty thousand IPs, encompassing facilities and medical device equipment. Essentia Health is committed to safeguarding patient data and other critical information, ensuring compliance with industry standards such as HIPAA, HITECH, and PCI DSS. The security team at Essentia Health is dedicated to proactively scanning and addressing vulnerabilities to prevent potential exploitation by malicious attackers. The organization also maintains a steady cadence of medical record rollouts and acquisitions, necessitating robust security measures. Read More
Solution	Essentia Health's security team evaluated various Gartner market leaders and narrowed the options to Tenable, Core Security, and Rapid7. After an in-depth vendor evaluation, Rapid7 emerged as the standout, leading to the adoption of Rapid7 Nexpose Enterprise and Rapid7 Metasploit Pro. These tools enabled the team to validate risk and remediation effectively. The acquisition process became smoother, allowing the team to proactively identify and address potential issues before merging systems. The team gained detailed insights into medical device vulnerabilities and worked with manufacturers to find solutions. The ability to prioritize vulnerability reporting to the IT team improved efficiency, and cross-team collaboration increased with the deployment of Nexpose and Metasploit. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Network Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Healthcare & Hospitals

Applicable Functions

Business Operation

Facility Management

Use Cases

Intrusion Detection Systems

Regulatory Compliance Monitoring

Remote Asset Management

Services

System Integration

Testing & Certification

Challenge

Securing the Essentia Health network is a complex task due to its multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The network includes fifty thousand IPs, from facilities to medical device equipment. The security team must locate and resolve high-risk vulnerabilities to safeguard patient data and other critical information. Compliance with HIPAA, HITECH, and PCI DSS adds another layer of complexity. Despite compliance, security holes such as weak credentials and improper patches were prevalent. The team needed a solution to perform thorough testing against all active systems and demonstrate risk to secure necessary resources for a vulnerability management program.

About Customer

Essentia Health is a multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The organization includes a network of fifty thousand IPs, encompassing facilities and medical device equipment. Essentia Health is committed to safeguarding patient data and other critical information, ensuring compliance with industry standards such as HIPAA, HITECH, and PCI DSS. The security team at Essentia Health is dedicated to proactively scanning and addressing vulnerabilities to prevent potential exploitation by malicious attackers. The organization also maintains a steady cadence of medical record rollouts and acquisitions, necessitating robust security measures.

Solution

Essentia Health's security team evaluated various Gartner market leaders and narrowed the options to Tenable, Core Security, and Rapid7. After an in-depth vendor evaluation, Rapid7 emerged as the standout, leading to the adoption of Rapid7 Nexpose Enterprise and Rapid7 Metasploit Pro. These tools enabled the team to validate risk and remediation effectively. The acquisition process became smoother, allowing the team to proactively identify and address potential issues before merging systems. The team gained detailed insights into medical device vulnerabilities and worked with manufacturers to find solutions. The ability to prioritize vulnerability reporting to the IT team improved efficiency, and cross-team collaboration increased with the deployment of Nexpose and Metasploit.

Impact #1	The acquisition process is now much smoother from a network integration point of view, allowing the team to proactively identify and address potential issues before merging systems.
Impact #2	The team gained detailed insights into the risks associated with medical devices and took necessary actions, working with manufacturers to find solutions.
Impact #3	The ability to prioritize vulnerability reporting to the IT team improved efficiency, reducing the need for extensive reports on every system.

Impact #1

The acquisition process is now much smoother from a network integration point of view, allowing the team to proactively identify and address potential issues before merging systems.

Impact #2

The team gained detailed insights into the risks associated with medical devices and took necessary actions, working with manufacturers to find solutions.

Impact #3

The ability to prioritize vulnerability reporting to the IT team improved efficiency, reducing the need for extensive reports on every system.

Benefit #1	98.5% reduction in risk exposure after 8 months of using Metasploit and Nexpose.

Benefit #1

98.5% reduction in risk exposure after 8 months of using Metasploit and Nexpose.

Download PDF Version

Overview

Essentia Health Reduces Risk with Nexpose and Metasploit

Operational Impact

Quantitative Benefit