Allied Health Network
Multi-site infrastructure deployment — zero-trust security, SD-WAN, and Cliniko API integration across three clinic locations.
Infrastructure Audit & Discovery
We deployed our standard Sanctum Infrastructure Audit across all three clinic locations — passive network topology mapping, Microsoft 365 tenant security review, endpoint inventory, and Cliniko API access pattern analysis. Staff interviews captured workflow context that no scanning tool could reveal.
- Full network topology mapping using passive scanning across 3 sites
- Microsoft 365 Secure Score baseline established at 31/100
- Complete endpoint inventory — every device, OS version, and software installation
- Staff interview sessions to understand clinical workflows and IT pain points
Key Outcome
47 critical findings uncovered — the most alarming being an ex-contractor's Microsoft 365 account still active with full access to patient scheduling data 8 months after their engagement ended. Every vulnerability was mapped to a remediation priority before deployment began.
Zero-Trust Architecture
We treated the three clinic sites as a single sovereign infrastructure rather than three independent problems. Microsoft Entra ID became the single identity provider with Conditional Access policies enforcing MFA for every user. SD-WAN encrypted tunnels connected all sites with VLAN segmentation separating clinical devices, staff workstations, and guest Wi-Fi — plus 4G failover at every location.
- Microsoft Entra ID (Azure AD) as unified identity provider with Conditional Access enforcement
- SD-WAN deployment connecting all 3 sites over encrypted tunnels with 4G failover
- VLAN segmentation separating clinical devices, staff devices, and guest networks
- WPA3 enterprise-grade Wi-Fi with certificate-based authentication at every site
Key Outcome
Microsoft 365 Secure Score climbed from 31/100 at baseline to 84/100. Automated onboarding and offboarding via lifecycle workflows eliminated the identity sprawl that had left ghost accounts with access to patient data.
SentinelOne EDR & Endpoint Governance
Every endpoint across all three locations — workstations, laptops, shared kiosks — received SentinelOne EDR with automated patching, BitLocker encryption enforcement, and device compliance policies that block non-compliant machines from accessing clinical systems. Access to the Cliniko practice management system was restricted by IP allowlist to managed network addresses only.
- SentinelOne EDR deployed to every endpoint across all 3 clinic locations
- Device compliance policies — non-compliant devices blocked from clinical system access
- BitLocker encryption enforced on all Windows devices with automated patching schedules
- Cliniko API access restricted to managed network IPs with rotation to application-managed tokens
Key Outcome
Zero security incidents in 12 months — no breaches, no ransomware attempts that bypassed EDR, no unauthorised access events. The practice is now audit-ready for Australian Privacy Act requirements regarding health records.
99.97% Uptime & Operational Handover
Beyond the technical deployment, we delivered a comprehensive handover package: site-by-site documentation, staff security awareness training at every location, 24/7 SOC monitoring, and a monthly governance report cadence that catches configuration drift before it becomes a vulnerability. Every quarter we re-run the security baseline and compare against the prior period.
- 99.97% uptime achieved across all 3 sites — only downtime was a planned firmware maintenance window
- Comprehensive documentation delivered to practice management at every site
- Staff training sessions covering security awareness and new login procedures
- Monthly governance reporting with quarterly security baseline re-assessments
Key Outcome
The practice manager reported: 'The new system just works. Nobody complains about IT anymore, which is the highest compliment.' Zero breaches, 99.97% uptime, and a governance cadence that prevents drift — all delivered in a 6-week sprint.