Multi-Site Medical Practice
Seven locations, aging servers, and HIPAA on the line. New infrastructure, secure interconnectivity, and tested recovery brought the practice to a clean audit.
Older IT infrastructure had become a hard constraint for this well-established, rapidly expanding medical practice. Undersized servers on an end-of-life OS ran the EHR; imaging archives filled whatever disk was nearest; and each new location bolted on another one-off network.
Two requirements were non-negotiable: HIPAA compliance across every site, and real-time connection among all offices so clinicians could work from any location.
“Clinicians move between offices all week — now the systems move with them. And when the auditors asked about recovery testing, we handed them the logs.”
The approach
Compliance-first assessment
Gap analysis against the HIPAA Security Rule: access controls, audit logging, encryption at rest and in transit, and — the biggest finding — recovery objectives that existed on paper only.
Platform refresh
New server hardware running the latest Windows Server OS with Hyper-V, sized for the EHR and imaging workloads with headroom for two more locations.
Secure site interconnect
Business-grade firewalls at all seven locations joined in a secure site-to-site VPN mesh, giving every office encrypted, real-time access to central systems — with per-role access controls.
Protect, back up, verify
Cloud-based server protection, HIPAA-appropriate encrypted backups with offsite copies, documented RTO/RPO per system, and scheduled restore tests. NetSys provides ongoing management for all servers and workstation hardware.
- Windows Server 2022 + Hyper-V
- EHR & PACS workload hosting
- Firewalls at all 7 sites
- Site-to-site VPN mesh
- Role-based access control
- Encryption in transit & at rest
- Cloud server protection
- Encrypted offsite backups
- Scheduled restore testing
- Workstation lifecycle management
The results
RTOs are contractual targets validated by scheduled restore tests, not estimates.
View data table
| Before (hours) | After (hours) | |
|---|---|---|
| EHR | 48 | 4 |
| Imaging | 72 | 8 |
| 24 | 1 | |
| File shares | 48 | 2 |
More case studies
Start with a free assessment — or the pen test.
Every engagement above began the same way: an honest look at where things stood. Take a scored assessment online, or book a free on-site penetration test and see your environment the way an attacker does.
