A NetSPI Case Study
Fairview Health Services, a large not‑for‑profit healthcare network in Minneapolis, needed to understand its obligations under the PCI Data Security Standard and complete the Self‑Assessment Questionnaire (SAQ) while locating and protecting cardholder data across many departments and systems. To address this, Fairview engaged NetSPI for PCI consulting, SAQ/QSA assistance, gap analysis, ASV scanning, and ongoing security assessments.
NetSPI mapped payment flows, documented gaps, helped complete the SAQ, conducted external ASV scans and security assessments, and helped design a “PCI island” to restrict systems that process or store card data. As a result, Fairview significantly reduced the scope of PCI compliance (so scans now cover a much smaller footprint and take far less time), uncovered and remediated issues such as generic logins and misconfigured sites, reduced unnecessary data storage, and moved to regular NetSPI‑validated audits and quarterly scans.
David Leach
Assistant Treasurer