The network allowed SMB relay attacks, which could let an attacker move laterally between systems. Several accounts had excessive privileges, opening the door to domain admin escalation. MFA was technically enabled but not consistently enforced, and with no Conditional Access Policies or audit logging in place, login anomalies could go unnoticed. A separate patient portal also contained an IDOR vulnerability: appointment records were served to any logged-in user who simply changed the identifier in the URL.
We helped the organisation review all privileged accounts and tighten Group Policy settings across Active Directory. Clinical and admin systems were segmented, and the guest Wi-Fi network was isolated to limit crossover risk. MFA was enforced across the board, Conditional Access Policies were implemented, and legacy protocols were disabled. The vulnerable portal was patched and a security scanning step was introduced to the deployment process to prevent similar issues from reoccurring.
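The IDOR finding above and the portal fix, shown as an added example that is not the provider's portal code: the vulnerable lookup checks only that a user is logged in, the hardened one ties access to the record's owner taken from the server-side session. The data, ids and function names are constructed assumptions.

```python
# Added example: an IDOR on an appointment lookup beside its hardened form.
# Data, ids and names are constructed for illustration, not real portal code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Appointment:
    appointment_id: int
    patient_id: int      # the patient who owns the record
    clinician: str
    when: str


# Constructed sample data: two patients, one appointment each.
APPOINTMENTS = {
    101: Appointment(101, patient_id=1, clinician="Dr Lee", when="2024-06-03 09:00"),
    102: Appointment(102, patient_id=2, clinician="Dr Singh", when="2024-06-03 09:30"),
}


class NotFound(Exception):
    """Raised for missing records and, in the hardened version, for records
    the caller does not own, so the two cases are indistinguishable."""


def get_appointment_vulnerable(session_patient_id: int, appointment_id: int) -> Appointment:
    """Authenticated but not authorised: any logged-in patient can read any
    appointment just by changing the id in the URL. This is the IDOR."""
    if appointment_id not in APPOINTMENTS:
        raise NotFound
    return APPOINTMENTS[appointment_id]


def get_appointment_hardened(session_patient_id: int, appointment_id: int) -> Appointment:
    """Ownership check against the patient id from the server-side session,
    never from the request. Missing and foreign records both raise NotFound
    so the endpoint cannot be used to enumerate which ids exist."""
    appt = APPOINTMENTS.get(appointment_id)
    if appt is None or appt.patient_id != session_patient_id:
        raise NotFound
    return appt


def can_read(lookup, session_patient_id: int, appointment_id: int) -> bool:
    """True if the lookup returns the record. Usable as a regression check in
    a deployment scanning step: a patient must never read another's record."""
    try:
        lookup(session_patient_id, appointment_id)
        return True
    except NotFound:
        return False
```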
This work helped the provider build resilience into its systems without compromising patient care. With clearer audit trails, enforced MFA, and tighter user access controls, the business is now more confident in its compliance with My Health Record security standards and the Australian Privacy Principles, while continuing to deliver essential care across the region.