How BridgeHead Software took a proactive approach to cybersecurity with penetration testing to protect business critical systems and customer data
BridgeHead Software
Case Study
The Requirement
For almost 30 years, BridgeHead Software has been trusted by over 1,200 hospitals worldwide to provide healthcare data management solutions. Today, BridgeHead helps healthcare facilities consolidate, store, protect, and provide access to patient, clinical, and patient data across the healthcare enterprise. BridgeHead’s solutions offer a wealth of benefits, from streamlining digital workflows and improving clinical efficiencies through to mitigating the impacts of successful cyberattacks.
Ultimately, BridgeHead’s goal is to bring its expertise in data management to modern healthcare systems to improve care delivery and patient outcomes.
In terms of cybersecurity, BridgeHead is an ISO 27001 certified company. An essential requirement of the continued maintenance and development of the company’s objectives is the establishment and continual improvement of an Information Security system.
As part of the company’s focus on information security and cybersecurity best practice, it conducts regular internal reviews and external code reviews. However, for real assurance for both BridgeHead and its customers, penetration testing of its critical applications from a reputable managed security service provider was needed.
To learn more, read the full case study.
“Working with the DigitalXRAID team was a dream. The offering was very clear, and the process and communication was very good. Everything ran smoothly.
We were able to speak with technical specialists where needed, which ensured a clear scope that fit our requirements.
DigitalXRAID have consistently provided a professional and technical service and we look forward to working with them on future projects.”
Crispin Jewitt, Vice President of Products & Engineering, BridgeHead Software
BridgeHead selected DigitalXRAID to conduct penetration testing on key business applications to identify any security weaknesses or potentially exploitable vulnerabilities.
The first part of the testing was conducted on BridgeHead’s Multi-site Manager (MSM) application, which is an internet-facing service connecting customers to a monitoring server.
DigitalXRAID used various tools and techniques as part of the penetration test, in line with industry best practice. Testing was performed using an advanced testing methodology, comprised of years of experience and aligned closely with Open Web Application Security Project (OWASP) and Open-Source Security Testing Methodology Manual (OSSTMM) and other industry standards.
In the second part of the pen testing project, DigitalXRAID conducted testing on two further applications: HealthStore®, an interoperable, Clinical Data Repository that breaks down departmental silos and integrates access to all the data living outside of Electronic Health Record (EHR) systems, and its RAPid™ Data Protection solutions, a comprehensive suite of products that utilise backup and archiving technologies to safeguard mission critical systems and data across healthcare enterprises.
At the end of the testing period, DigitalXRAID supplied a comprehensive report, detailing the methodologies followed and highlighting and categorising any vulnerabilities found into low, medium, high and critical priorities.
To learn more about the full pen testing solution, read the full case study.
The Results
BridgeHead Software has been able to shore up security to ensure that there are no exploitable vulnerabilities in its applications, and that the company’s products and services are currently guarded against active threats from cyber criminals.
This gives BridgeHead’s customers the full reassurance that their data is protected.
As BridgeHead works with the healthcare sector with direct connection to healthcare organisations, it’s mandatory that it holds Cyber Essentials Plus certification, awarded by the National Cyber Security Centre (NCSC).
Based on the excellent work in providing penetration testing services, BridgeHead Software selected DigitalXRAID to support gaining Cyber Essentials Plus certification. This was achieved at the first attempt, and a program of annual re-certification is in place.
If you would like more information on our managed service for penetration testing, get in touch with our team of experts today.
Cyber Security Experts
Accredited and regulated, we're in the top 1% of cyber security agencies globally
We’re trusted by the UK Government as Crown Commercial Service providers as well as being accredited by two of the leading cyber security governing bodies. Our ISO9001 certification means you can rest assured our processes and approach are market leading.
Protect Your Business & Your Reputation.
With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.
