Scope:

CCI Health Services enlisted our expertise for a comprehensive cybersecurity assessment to enhance their readiness to respond to security events. This collaboration included the following:

• Locations: 13 in Maryland
• Servers on AWS: 18
• Endpoints: 418
• Access Points: 78
• Firewalls: 1

Vulnerability Assessment

• Coordinated with key personnel at CCI Health Services.
• Conducted vulnerability assessment, penetration testing, and an external attack surface review utilizing a black-box penetration test approach on all accessible IPs from the network entry point.
• Implemented a meticulous attack surface review, sampling 15 CCI access points across all locations.

Tabletop Incident Response Exercise

• Evaluated CCI’s cyber crisis processes and proficiency in responding to cyber-attacks through a structured tabletop exercise, followed by a lessons-learned session to enhance cybersecurity processes.

Cloud Services Security Review

• Conducted a cloud services security review to identify applications running on the CCI Health networks, with detailed interviews with key stakeholders across different business units.
• Presented a detailed Cloud Services Security Report reconciling interview and application data.

Cybersecurity Risk Assessment

• Conducted a thorough risk assessment involving key personnel interviews across various business units, with a focus on analyzing inherent risk factors from qualitative and quantitative perspectives.
• Delivered a Risk Assessment Executive Summary encapsulating the assessment results.

Key Issues and Challenges:

• Collaborating closely with CCI Health Services to ensure the inclusiveness and accuracy of the security assessment.
• Identifying and exploiting vulnerabilities within the project’s scope and timeframe.
• Crafting a tailored tabletop exercise scenario aligning with CCI’s security profile, and facilitating a constructive post-exercise learning session.
• Successfully identifying both known and unknown applications running on the CCI Health networks and reconciling the gathered data accurately.

Results/Deliverables:

• Successful fortification of CCI’s security posture, enhancing their readiness to respond to potential security events.
• Identification and mitigation of vulnerabilities across the network, bolstering the overall security infrastructure.
• Cultivated a security-conscious culture within CCI Health Services, promoting a coordinated response to potential cyber threats.
• Developed a comprehensive report encapsulating the findings, severity, and remediation recommendations, followed by a closing meeting to discuss the path forward.