A phishing email made it through their legacy gateway filter. The attacker dwell time was 6 days before an alert was noticed — almost entirely by accident.

The CISO called us the day after the near-miss. Within 48 hours we had a forensics team on-site and a gap assessment underway.

We deployed a co-managed SOC-as-a-Service in 3 weeks: SIEM ingestion of all 94 log sources, endpoint detection on 2,200 devices, and a dedicated analyst covering the overnight shift.

HIPAA alignment was achieved within 8 weeks — covering the Security Rule, Breach Notification Rule, and Business Associate Agreement framework.

In 18 months of operation: zero successful breaches, 12 credential-stuffing attacks intercepted, 3 ransomware payloads detonated in sandbox before reaching any clinical system.