This penetration test was a complete disaster for the client.
Our team had gained unauthorised access to hospital software and we demonstrated to the client that this software could edit the medicine that nurses would administer to patients.
We could tamper with hospital files, medical records and even delete the thousands of records that would force the hospital to re-process hundreds of patients.
The CIO was livid. Furious. Embarrassed.
None of his security investments had worked.
He challenged every finding and every line in our report:
This is called “Dark Risk Management”.
In the end, he buried our report and we lost a client -or, better put, he lost.
I can't imagine how he would have a clear conscience in view of how he handled the situation.
If you’re in charge of cyber security and you haven’t made decisions that you’re proud of then here’s how to make up for it:
Harden Windows Systems using MS Guard:
MS Guard is a FREE Windows security assessment tool that helps organisations save money, improve their ROI, reduce cyber risks, achieve compliance and deliver security at scale.
Register now to receive updates about upcoming cyber security courses by Mossé Cyber Security Institute: