Hospital Pentest
Found 23 vulnerabilities — 4 critical — before the medical platform launched
- Client: Riyali Health
- Year: 2025
- Duration: 3 weeks
- Team: 3 security researchers
Riyali Health was about to launch an EMR platform serving 12 hospitals. They commissioned a comprehensive pre-launch audit. We found 23 vulnerabilities, 4 of them critical, and delivered a complete remediation plan. Every issue was fixed in 14 days.
The challenge
Medical data is among the most sensitive categories of data. A single vulnerability could leak the records of 180K patients and trigger multi-million riyal penalties. Every layer needed full scrutiny before launch.
The result
All critical and high-severity issues were remediated before launch. The platform today serves 180K patients with zero security incidents. Riyali Health earned the Saudi MoH certification for handling sensitive data.
Our approach
- 01. Week 1: Reconnaissance + attack surface mapping
- 02. Week 2: Manual review of business logic + APIs + auth flows
- 03. Week 3: Automated scanning with Burp Suite Enterprise + Nuclei + access-control tests
- 04. Full CVSS report with PoC for every issue + step-by-step remediation
- 05. 3-hour walk-through with their engineering team
- 06. Free re-audit after remediation (we caught one regression)
“Professional pentest of our hospital network. Found 4 criticals we'd missed. Their professionalism is worth every riyal.”