With thousands of IT assets spread across 40+ medical offices throughout New York, the complexities of the ENTA security posture were staggering. “Every IT department is strained for resources,” noted Anthony Venuto, Director of Information Technology for ENTA. “We needed a security partner who understood medical environments, and who could help push our team in the right direction.” More than providing security assessment and analysis services, the chosen partner had to efficiently identify and communicate security deficiencies as well as assist in the prioritization of remediation efforts.
Given the size and geographic distance of ENTA medical offices, effectively capturing and documenting security exposures posed a challenge. “We didn’t have an unlimited budget,” said Brian Horton, CEO of Breadcrumb Cybersecurity. “We had to break the mold a bit to ensure we met our client’s requirement while ensuring our quality and standards were met.” Utilizing a mixture of vulnerability management appliances, on-disk agents, and manual control reviews, Breadcrumb engineers assessed the entire organization within the CIS Top 20 Controls and all within budget. In addition, Breadcrumb performed systematic Wi-Fi testing, on-premise physical barrier assessments, and highly customized penetration testing campaigns. “By performing targeted penetration testing, we demonstrated real-world outcomes,” said Brian Horton.
From start to finish, the overall engagement was completed in approximately nine (9) weeks. Breadcrumb delivered a cohesive report outlining organizational strengths, weaknesses, and strategic recommendations. This type of actionable reporting promoted meaningful resource prioritization and the measurement of ongoing remediation efforts.