Case Study
Healthcare Group: Wireless Pivot & Phishing Campaign
Healthcare | Org size: 5–10k employees | Focus: Wireless & Human | 4-week engagement
Combined guest Wi-Fi abuse and targeted phishing to show cross-network risks to clinical systems without disruption.
Challenge
A multi-site healthcare group wanted to understand how exposure from guest Wi-Fi and staff behavior could realistically impact clinical systems, without risking downtime or impacting patient care.
Approach
- Assessed guest and staff wireless segmentation to identify practical pivot paths between networks.
- Ran a controlled phishing campaign informed by OSINT to test how staff reacted to realistic messages.
- Modeled how an attacker could chain wireless access with a successful phish to gain deeper access.
- Worked closely with internal security and clinical IT to ensure all testing respected operational constraints.
Outcomes
- Exposed configuration gaps that allowed limited pivot potential from guest Wi-Fi toward internal services.
- Improved phishing resilience through concrete examples of what staff missed and how to report suspicious activity.
- Prioritized wireless and identity-related fixes that materially reduced realistic risk to clinical systems.
