Private Equity-Backed Healthcare Services Provider

Improving digital resiliency through cybersecurity upgrades during post-close planning

Our impact

Cybersecurity events are not so much a matter of if but when in today’s digital space. Private-equity-backed companies often find themselves attractive targets for threat actors once the news of an acquisition breaks. 

That’s why one private equity firm recently asked West Monroe to look closely at cybersecurity during IT due diligence and post-close planning for its purchase of a healthcare specialty services provider. Our diligence highlighted high-priority areas for attention—implementing best practices our client and West Monroe jointly deemed non-negotiable. Our client knew we had the technical chops to get this work done and increase cyber resiliency of the environment both quickly and effectively. By earning their trust to execute these initiatives, we not only significantly reduced risk but also provided leadership with the comfort of a strengthened environment—while simultaneously freeing up the IT organization to focus on high-value activities.

2000+ endpoints integrated into asset management system to enable centralized control

1000+ workstations and servers configured with automatic password rotation

90+ unapproved applications removed and blocked across all workstations

The full story 

The challenge

Minimizing the chance that a small cyber incident becomes an expensive ransomware event was critical for our client and its management team. Our client wanted a clear picture of the target’s cybersecurity practices and capabilities—and our due diligence brought that into focus. We examined critical areas, including workstation security, authentication, administrative and service account credentials and protections, user policies, and remote monitoring and management (RMM).

We were able to provide our client with actionable recommendations to improve the target's cybersecurity posture—but that came with challenges: We faced the task of completing a significant amount of work within a limited timeframe considering the short hold period and the need to focus on initiatives that could enhance value and drive EBITDA growth. This spurred our team to action. 

An undeniably different approach

We can’t help our clients be digital if their systems aren’t effectively secure. That’s why we’re changing the cyber paradigm to foster a resilient culture of security. Our distinctive expertise in technology, business operations, and private equity helps our clients fortify every digital element of a business. 

Understanding our client’s sense of urgency due to the short hold periods and limited time available to demonstrate value, we rapidly mobilized a team of multi-disciplinary experts to deliver strategic guidance, recommend essential initiatives, and create a structure to guide changes. This allowed the investors to focus on high-value activities that move the needle. 

Our team also began executing critical initiatives right away, focusing on areas such as:

  • Access policy with multifactor authentication 
  • Workstation and removable media encryption  
  • New technologies such as Microsoft Defender for Identity, a cloud service that monitors account activity and looks for anomalous activity on a corporate network 
  • Cloud-dedicated administrator accounts 
  • Removal of non-essential software
  • Enhanced back-up infrastructure 

To enhance our client's resiliency against ransomware attacks, we launched several workstreams. First, we created new administrative accounts to isolate Azure Active Directory (AD), Microsoft 365, and Azure administrative activities from our client's data center or office networks. This way, if an account were to be compromised, the attack wouldn't spread to other environments. 

Next, we implemented Azure AD Privileged Identity Management and session controls for cloud administrator accounts to minimize their "attack surface." We also enforced multifactor authentication (MFA) for added security. Additionally, for administrative accounts in our client's data center and office, we configured Thycotic Secret Server to automatically rotate administrator account passwords after a set number of hours. Finally, we secured Secret Server with MFA, requiring MFA for traditional Active Directory administrator accounts. We successfully completed this work in just six weeks, working in parallel with other initiatives. 

We also counseled our client on updating their Microsoft 365 licensing package to include necessary security controls. 

Knowing that people are central to cybersecurity, our team assisted with introducing changes to employees and system users such as guidance for reconfiguring mobile phones. We also coached the client’s IT staff through all of the work to make sure they were prepared to manage cybersecurity practices effectively going forward. 

Project Timeline

  • 4 weeks: Enabled MFA for VPN connections, implemented consolidated asset tracking, and modernized on-premises Exchange
  • 1 week: Evaluated cybersecurity insurance policy and implemented macOS cybersecurity strategy
  • 3 weeks: Disabled removable media devices, disabled third-party applications, and rotated administrative and service account passwords
  • 4 weeks: Encrypted end-user desktops and transitioned remaining tasks and documentation to the client’s security team

Real results

In just weeks, we significantly improved the company’s cybersecurity posture, reducing both the likelihood of an incident occurring and the potential magnitude should one occur. By using proven materials and approaches, we were able to mitigate both disruption to employees and unplanned business outages.  

The company now has new technologies in its environment for protecting administrative accounts, data on mobile devices, and remote access. The updates have made the environment more resilient and able to withstand potential cyberattacks. And by implementing appropriate cloud security controls, we enabled the company to take yet another key step in its journey to be digital.
