Case Study SickKids Foundation

Industry:

Healthcare

Company Size:

500+

Location:

Toronto, Canada

Services Used:

Infrastructure Penetration Testing

SickKids Foundation is a fundraising organization based in Toronto that supports the Hospital with sick children. With over 1.5 million active donors, the foundation collects and manages sensitive information, which could result in reputational damage and loss of donors if breached.

About SickKids Foundation

SickKids Foundation is a fundraising organization based in Toronto that supports the Hospital With Sick Children. With over 1.5 million active donors, the foundation collects and manages sensitive information, which could result in reputational damage and loss of donors if breached.

To ensure their donors’ information is secure, Derek Sutton, the Director for Infrastructure and Enterprise Architecture, recognized the need to improve their security posture. As a part of that effort, he turned to Packetlabs to conduct a penetration test.

Primary Objective

SickKids Foundation’s primary objective was to assess its security posture and uncover any vulnerabilities that their team might have missed. While they had implemented some basic security protocols, the organization’s infrastructure was static and needed an update. A penetration test could help them identify the gaps and vulnerabilities that might exist, allowing them to remediate the issues and improve their security posture before they could be exploited.

Packetlabs developed a comprehensive 95% manual testing methodology with a coverage-based approach to replicate real-world conditions accurately. Their team of highly specialized, in-house ethical hackers worked to actively analyze the systems from an attacker’s perspective, separating the noise and outlining the most critical findings that require mediation. Furthermore, their coverage-based approach enabled testers to test several methods of system breach and vulnerability exploitation that imitated a hacker’s efforts to generate an accurate and thorough report.

Results

The Packetlabs’ penetration testing approach uncovered a list of hard-to-detect vulnerabilities and potential attack vectors that could be exploited. The final report provided insights that helped the foundation’s IT team understand their infrastructure’s weak points and provided guidance on strengthening their overall security posture. Additionally, Packetlabs’ Canadian Data Residency and SOC 2 Type II Accreditation provided SickKids Foundation with the satisfaction that all test reports were securely protected within a trusted environment while ensuring complete compliance with data security standards. In conclusion, Packetlabs’ thorough penetration testing approach allowed SickKids Foundation to identify vulnerabilities, remediate issues, and improve its security posture. Derek Sutton recommends Packetlabs to his peers for their expertise, coverage-based approach, manual testing methodology, and no false positive findings. In addition to the outstanding service, Packetlabs’ SOC2 Type II Accreditation and Canadian Data Residency gave SickKids Foundation’s donors peace of mind that their information is well protected.

"We are always being asked what our security posture is like. Penetration testing is one of the best ways for us to understand from both the inside and outside exactly how vulnerable we could be in a real-world scenario, which is why we value it so highly."

Derek Sutton, Director for Infrastructure of Enterprise Architecture at SickKids Foundation