"Netsparker has allowed us to proactively security test our healthcare patient centric web applications to the highest level and safeguard confidentiality along with huge cost savings and ease of use." - Dale Langham, Senior Data Platforms Manager, Healthcare at Home Ltd.
Healthcare at Home Ltd was established in 1992 and the vision was, and still remains today, to enhance the way in which care is provided for patients both in the home and in the community. The company has grown rapidly since its beginnings to become the UK's leading provider of innovative home health care services.
Unaffordable Third Party Web Application Security Services
The Healthcare at Home Ltd technical department has to maintain more than fifty websites and user portals, all of which are used 247 by staff and remote business partners alike to access patients, nurses and medicine records. To ensure the security of all the confidential data such websites hold, and to comply with the strict regulatory compliance rules Healthcare at Home hired third party security professionals. Though as the company grew and their web applications became more complex it was obvious that fully depending on third party services was not sustainable because:
- The process of keeping the websites and confidential data secure was becoming more complex hence the prices skyrocketed and became unaffordable.
- The development of new features in web applications was being slowed down because third party consultants were not always available, thus negatively impacting business operations.
Adding In-House Web Application Security Tests to the Equation
To ensure the continuous development and implementation of new web application features and the security of all confidential data at an affordable price, Healthcare at Home Ltd opted to move the majority of web application security tests in-house, thus reducing the dependency and costs of third party security service. "The main reason was to be able to pen test our web applications internally within the business prior to our regulatory external company pen testing. By doing so we can keep costs at a minimum and can release new web application features without waiting for when the contractor is available," explained Dale Langham, the Senior Data Platforms Manager for Healthcare at Home Ltd.
To start doing their own web application security testing, Healhcare at Home Ltd needed a software solution that can:
- Automatically identify vulnerabilities and security flaws in their custom built web applications.
- Be easy to use and reports no false positive to compensate for the shortage of manpower and internal web security expertise.
- Be able to scan both PHP and .NET web applications running on both Apache and Microsoft IIS web servers.
- Perform fast web application security scans to keep up with the constant changes in more than fifty web applications.
- Backed up by professional support to iron out any possible problems the team can encounter when scanning web applications.
Saving on Costs and Boosting Both Security and Productivity with Netsparker
After evaluating several automated web application security solutions Healthcare at Home Ltd chose Netsparker Desktop on the basis that it is very easy to use and reports no false positives. "I got sold on the fact that Netsparker does not report any false positives. Considering the limited amount of time we have to release new features I cannot afford to waste time verifying the scanner's results and can go straight to the developers to report the problems," stated Mr Langham.
"We have been using Netsparker for over 9 months now and it helped us drastically reduce our external pen testing costs and ensures we fully test our web applications prior to and during LIVE release. We are now able to internally test our web based applications after any changes we make without having to rely on external third party assistance," continued Mr Langham.
Identifying Critical Web Application Vulnerabilities
Healthcare at Home Ltd confirmed that Netsparker already uncovered some vulnerabilities that if exploited would have allowed an attacker to gain access to confidential data. But now they are no longer worried about it. As Dale Langham explains "Netsparker has allowed us to proactively security test our healthcare patient centric web applications to the highest level and safeguard confidentiality along with huge cost savings and ease of use."
About Healthcare at Home Ltd
Healthcare at Home Ltd was established in 1992 by founder and former chairman Charles Walsh. The vision was, and still remains today, to enhance the way in which care is provided for patients both in the home and in the community.
The company has grown rapidly since its beginnings to become the UK's leading provider of innovative home healthcare services. We now deliver every day of the year (aside from Christmas Day, Boxing Day and New Year's Day) supported by a bespoke IT infrastructure.
We work with the NHS, pharmaceutical companies, private medical insurers, consultants, GPs, Patient Groups and charities. Our team of over 1,000 staff operate from locations throughout the UK to provide national services delivered from a local base.