On July 31, 2025, 24By7Security celebrates its 12th anniversary of being in operation. Looking back over the past 12 years, we are proud of the difference we have made for our clients, helping them strengthen their cybersecurity posture and achieve compliance. With many 5-star reviews and positive client testimonials, we like to keep improving our processes and deliverables, and to gain efficiencies. With over 85% of our clients returning year after year, more than 3,400 risk assessments completed across 850 locations, and steady business growth, we find it valuable to pause and reflect on our journey: the path we have taken and how we have helped our clients strengthen their resilience.
In this post, we highlight 12 real‑world cyber resilience wins where we tackled client challenges and enabled them to mature in their cybersecurity strategies.
Problem: A large hospital faced a significant penalty and comprehensive Corrective Action Plan (CAP) from the Office for Civil Rights (OCR). One of the items of the CAP was that they undergo an audit after remediating the issues identified in the CAP. The CIO sought our help to ensure readiness for the audit.
How 24By7Security solved it: We performed a detailed pre-audit assessment based on HIPAA, validating each control against what the hospital had implemented. Our team combed through pages of evidence, interviewed stakeholders in various departments, and provided a comprehensive pre-audit report highlighting any areas of concern and recommending steps to address them. This helped the hospital prepare fully for their upcoming audit, which they passed without any issue, thanks to the in-depth assessment conducted by 24By7Security.
Problem: A well-established radiology practice unexpectedly received a compliance review letter from OCR. This letter was triggered by an article published in ProPublica magazine which said that medical imaging records were exposed on the internet. The OCR compliance review letter had 33 questions, some in multiple parts, asking for details of the practice, a response to ProPublica’s allegations, and detailed information such as the last risk assessment, what the practice does to encrypt images, how the servers are configured, specific policies, procedures and processes on how various controls are monitored, breach notification evidence, and much more.
How 24By7Security solved it: Our HIPAA experts guided the practice through every requirement. We went through the OCR letter in detail and started addressing each question in the letter. Our executive leadership helped the radiology office with hiring a qualified healthcare law attorney to draft the responses to OCR. Our team partnered with the office’s IT team and the attorney and compiled extensive evidence (enterprise-wide risk assessment, network diagrams, policies and procedures, audit logs, and all other documentation as requested by OCR) and helped prepare a robust response. We are pleased to report that OCR reviewed all the material and promptly closed the case.
Problem: A popular water adventures company was informed by their bank that until they demonstrated PCI compliance, they would receive a penalty and holdback totaling $10,000 per month. This was a large amount that would impact the business significantly. The company had minimal controls in place, risking months of continued penalties.
How 24By7Security solved it: Our team was assembled for the engagement immediately. We conducted site visits and, based on a quick gap analysis, realized that there was a lot of work to be done. We developed and implemented policies and procedures for the company and trained their staff. We went through the entire cardholder process, prepared the necessary diagrams, and identified all the controls that staff members would need to implement to achieve PCI compliance. In a timeframe of about 2 months, the entire remediation work was completed, and the resulting PCI assessment demonstrated compliance. The company was able to resume full operations without further penalties and holdbacks.
Problem: A major fisheries business in Central America fell victim to a cyberattack.
How 24By7Security solved it: We quickly deployed forensics investigators to preserve chain of custody and pinpoint the cause of the attack. Once that was done and all operations were restored, we also conducted penetration tests for the company’s network to uncover any additional vulnerabilities, thereby helping strengthen the company’s defenses.
Problem: A Fortune 500 company was hit by a ransomware attack impacting over 200 servers and halting all online operations.
How 24By7Security solved it: We provided the company with resources to work immediately on restoring the servers, and had the company fully operational in under 2 weeks.
Problem: During the early days of COVID-19, a massive ransomware attack hit a healthcare system with 300+ locations, while its IT head was out with COVID. The company was losing $1 million per day with its systems being down.
How 24By7Security solved it: We were brought in to support the organization in all areas and to coordinate investigation and restoration. Our team also supported the ransomware negotiations that were taking place among the company, its attorneys and the hackers. Eventually, all systems were brought back online in 4 days and the organization went back to business as usual.
Problem: A large hospital system had never conducted a vulnerability assessment or penetration test for its entire IP-addressable space. Considering that the system had multiple buildings spread out over 20+ locations, never having conducted a complete vulnerability assessment posed a risk.
How 24By7Security solved it: Our vulnerability assessment and penetration testing specialists conducted external penetration tests and internal vulnerability assessments of a total of around 30,000 IP addresses during agreed-upon testing windows, and provided detailed reports of vulnerabilities ranked by severity, and remediation recommendations.
Problem: A national retail food chain had never done PCI compliance before and did not even have an IT department. The franchisor required PCI compliance reports.
How 24By7Security solved it: We conducted their PCI assessment, with one team conducting the assessment and another team providing them support with VCISO services, policies, procedures, training, network diagrams, and more. Over the years, we have continued assisting them in enhancing their environment, and now they have a robust IT process supported by an internal team as well as by 24By7Security.
Problem: A large university needed periodic CMMC and NIST 800-171 assessments in order to secure continued grants from the Department of Defense. These assessments were critical for maintaining eligibility and ongoing funding for defense-related research and programs.
How 24By7Security solved it: Our team conducted comprehensive NIST 800‑171 and CMMC assessments at the university’s defense-related installations. We provided detailed reports along with a Plan of Action and Milestones (POA&M) that addressed identified gaps and outlined clear remediation steps. This proactive approach enabled the university to successfully meet compliance requirements and secure the DoD grants essential for their research initiatives.
Problem: A utility company required a security risk assessment conducted as part of the due diligence process prior to a strategic merger.
How 24By7Security solved it: After understanding their needs and what they had to complete as part of the due diligence, 24By7Security executed an in-depth enterprise-wide security risk assessment aligned with the well-known NIST Cybersecurity Framework. We delivered a detailed risk assessment report and a summary of findings report, which the utility company was able to provide to the acquiring entity in order to complete the transaction.
Problem: A university needed to comply with multiple regulations such as HIPAA, FIPA, FERPA and GLBA, and they also needed streamlined processes for cybersecurity.
How 24By7Security solved it: 24By7Security crafted a tailored assessment methodology to assist the university in complying with all the above regulations and with the NIST Cybersecurity Framework. In addition, over the years, we have supported the university with numerous other services including Virtual CISO services, penetration testing, vulnerability assessments, third-party assessments, tabletop exercises and continued annual risk assessments.
Problem: A newly appointed Chief Information Officer (CIO) at a national amusement park needed to assess the state of the company’s cybersecurity readiness.
How 24By7Security solved it: 24By7Security conducted an in-depth risk assessment based on the NIST Cybersecurity Framework, and a network vulnerability assessment. Based on the findings from this assessment, we created a roadmap of the activities needed to achieve an optimum state of cyber resilience. We reviewed and updated their policies and procedures. Following that, we conducted tabletop exercises to help with ongoing cybersecurity readiness. We have also assisted this client by conducting a PCI gap assessment.
As we reflect on these success stories, we are grateful to our clients and partners who have placed their trust in our services, and we are proud of the impact we’ve had on our clients’ resilience. Looking forward, Year 13 promises dramatic advancements with Artificial Intelligence (AI) and greater automation in our Virtual CISO offerings. Innovation and process improvement remain at the heart of 24By7Security, and we aim to deliver even more 5‑star results for our clients.