VulnerabilityScanPro
PHI exposure closed quietly, in seven days
Healthcare · HIPAA · 120 employees

A telehealth startup discovered an authenticated endpoint was leaking patient identifiers through a sidebar widget. We confirmed scope, ran a full audit, and shipped fix code in seven days.

Challenge

Their internal team flagged the issue late on a Friday. They needed (a) confirmation of scope, (b) a HIPAA-aligned report for their compliance officer, and (c) a remediation plan their team could ship without breaking patient flows.

Approach

A senior analyst paired with their lead engineer in the order chat over the weekend. The audit kicked off Monday, fixes shipped Wednesday, and the re-test confirmed them Friday. The compliance officer received a HIPAA-mapped report on Saturday.

Outcome

No patient harm. No notification trigger. Compliance officer signed off without escalation.