Case Study: MCPHS University saves 140 hours through automated vulnerability prioritization with Rapid7 Nexpose

MCPHS University Saves Time and Effort with Nexpose

MCPHS University, a multi-campus medical sciences university, tasked lone security analyst Allen Basey with meeting strict compliance requirements (HIPAA/HITECH, FERPA, Mass 201 CMR 17) while protecting student, faculty, and staff data. Using a low-cost scanner (Nessus) proved too manual and unscalable: quarterly scans gave only broad risk buckets, lacked actionable prioritization and patch guidance, and left Allen — as the sole security resource — spending excessive time breaking up scans and convincing IT to apply critical fixes.

Allen built a business case and moved to Rapid7 Nexpose (InsightVM), enabling automated, continuous asset discovery, scanning, and prioritization. Nexpose’s automatic remediation prioritization saved him roughly 140 hours and cut discovery/reporting time by about 10 hours, made patching decisions easier for system support teams, and delivered faster, more effective vulnerability management backed by responsive Rapid7 support.

MCPHS University

Allen Basey

Senior Security Analyst