Case Study: Essentia Health achieves 98.5% reduction in risk exposure with Rapid7 Nexpose and Metasploit

Essentia Health Reduces Risk with Nexpose and Metasploit

Essentia Health, a multi‑billion dollar integrated healthcare system with roughly 100 facilities and about 50,000 IPs across the Midwest, faced the challenge of protecting patient data and meeting HIPAA/HITECH/PCI requirements while integrating frequent acquisitions. Rapid growth had left weak credentials, missed patches and legacy devices untested, so the security team needed a proactive vulnerability‑validation program and the ability to perform penetration testing before connecting new systems to the network.

After evaluating vendors, Essentia selected Rapid7 Nexpose Enterprise and Metasploit Pro for active scanning and exploit validation. Within eight months they cut risk exposure by about 98–98.5%, streamlined acquisition due diligence by using Metasploit before integration, gained actionable insight into medical‑device vulnerabilities, established quarterly testing, improved cross‑team remediation workflows and reporting, and benefited from responsive Rapid7 support.

Essentia Health

Scott Erven

Manager, Information Security