Case Study: Large Hospital System eliminates Pass-the-Hash risk with Delinea Secret Server

High security architecture and enterprise PAM eliminate risk of Pass-the-Hash attacks

A large hospital system, facing escalating cyberattacks, discovered during routine penetration tests that Domain Administrators’ remote login practices left password hashes on endpoints, exposing the environment to Pass‑the‑Hash attacks. The IT team needed to evolve from a basic password vault to a mature privileged access management strategy that enforced credential tiering and secure credential handling for all privileged accounts.

The hospital implemented Delinea Secret Server enterprise PAM across Tier 0–2, adopted Microsoft Privileged Access Workstations, deployed Distributed Engines, enforced daily automated password rotation, two‑factor authentication, and RDP access that never exposes credentials, and integrated Secret Server with its SIEM. The new architecture improved performance and visibility, cleared penetration tests for password vulnerabilities, eliminated Pass‑the‑Hash risk, and provided executives and auditors with clear, actionable reporting.