Healthcare Case Study

3-Site GP Surgery Group Secures 2,800 Patient Records in One Week

A multi-site GP surgery group in the West Midlands with 42 endpoints detected an unauthorised remote-access tool within 48 hours, secured legacy admin accounts, and achieved full NHS DSPT compliance — all while saving £7,680 per year.

Book your scoping call

The Challenge

Three sites. Zero visibility.

This 3-site GP surgery group in the West Midlands was handling thousands of patient records across 42 endpoints with no unified security monitoring.

Basic antivirus only

The practice relied on basic antivirus software with no visibility across its three locations. There was no centralised logging, no threat detection, and no alerting.

Unauthorised remote-access tool

An unauthorised remote-access tool was discovered on a reception PC — raising immediate concerns about who had been accessing the network and for how long.

Mounting compliance requirements

NHS Digital compliance requirements were increasing, and a previous penetration test had flagged critical issues — but no remediation support was provided.

The Solution

Three sites covered. One managed service.

The surgery group deployed SOC in a Box Medium (50 assets) across all three locations in five working days.

All 3 sites in 5 days

Deployment was completed across all three surgery sites in just five working days, with minimal disruption to patient services.

Virtual appliance at satellite site

A virtual appliance was used at the satellite site with limited rack space — ensuring full monitoring coverage without additional hardware requirements.

SOC in a Box Medium (50 assets)

24/7 monitoring, vulnerability scanning, dark web monitoring, awareness training, compliance support, and incident response — covering all 42 endpoints across three locations.

The Results

Critical findings. Within 48 hours.

Unauthorised tool detected in 48 hours

The unauthorised remote-access tool on the reception PC was detected and removed within the first 48 hours of monitoring going live.

3 legacy admin accounts secured

Three legacy admin accounts with weak passwords were identified and secured — closing a significant attack vector that had been open for years.

£7,680 per year net saving

A net saving of £640 per month compared to the previous patchwork approach — totalling £7,680 per year with significantly better coverage.

NHS DSPT compliance achieved

Full NHS Data Security and Protection Toolkit compliance was achieved, with ongoing monitoring ensuring the practice stays compliant year-round.

Key Metrics

The numbers that matter.

48 hrs

To first critical finding

3 sites

Monitored 24/7

£7,680

Net saving per year

100%

NHS DSPT compliance

Testimonial

“The peace of mind alone is worth the investment. We finally have visibility across all three sites, and we know someone is watching around the clock.”

— Practice Manager, GP Surgery Group, West Midlands

Your organisation could be next. Let’s talk.

Book a 30-minute scoping call. We’ll map your current security spend, show you what you can cancel, name your analyst, and quote your price — with no obligation.