| Firmographics | Digital Risk Exposure |
| Industry: Healthcare Executives Enrolled: 850+ Employees Enrolled: 2,000+ | VanishID discovered 91,038 breaches and 5,423 cleartext credentials in the span of three months. VanishID removed 6,278,984 pieces of exposed PII in nine months. |
Executive Summary
A leading healthcare company partnered with VanishID to address a critical cybersecurity vulnerability: the massive exposure of personal identifiable information (PII) of their executives and employees.
This exposed personal data was fueling social engineering attacks, online harassment, and physical threats against executives and their families. Leadership selected VanishID for its managed service approach, which allowed them to quickly deploy the solution. The inclusion of family member protection by default was a key differentiator from other solutions.
Within three months, VanishID removed over 3.3 million pieces of exposed PII and reduced digital risk across enrolled users by 39%. This dramatic reduction in the company’s human attack surface has significantly strengthened their overall security posture against data-driven threats.
The Challenge: A Visible Digital Footprint
As a prominent player in the healthcare sector, the company faced unique security challenges. When board members and senior executives became targets of financial fraud schemes and physical threats, the urgency became clear. Healthcare leaders face elevated risk due to regulatory visibility, access to sensitive patient data, and the high-profile nature of industry decision-makers.
Initial scans revealed alarming exposure levels:
- A staggering 6.27 million pieces of PII was removed in a 9 month span across enrolled users, which included executives and employees.
- The largest category of removed exposed PII was family, with 1,873,511 pieces of information. 1,169,884 pieces of exposed PII relating to contact information were removed.
- 237,114 breaches and 15,644 cleartext credentials were discovered across enrolled users in nine months.
This extensive digital exposure created a perfect environment for sophisticated social engineering attacks, with personal data readily available to craft convincing phishing attempts, impersonation scams, and targeted attacks against key decision-makers.
The Solution: Continuous PII Removal
VanishID implemented its automated solution, requiring minimal effort from the healthcare company’s security team. The implementation included:
- Enterprise-Wide Protection: Enrolling 1 CEO, 887 executives, 2,000 employees, and 51 family members in VanishID’s continuous PII removal service
- User Reconciliation: Coordinating with the healthcare company to update enrolled user lists and establish ongoing provisioning and de-provisioning processes
- Executive Family Focus: Launching a focused effort to increase family member enrollment, recognizing that executives’ family members often represent an overlooked vulnerability
- Continuous Monitoring and Removal: Deploying automated scanning and removal technology to identify and eliminate PII from data broker sites continuously
VanishID required only employee names and work emails to begin the protection process, with initial results appearing within 24-48 hours.
Powerful Results: Measurable Risk Reduction
The impact of VanishID’s protection was substantial and measurable:
Protection Results:
- 39% reduction in overall digital risk
- 6,278,984 pieces of PII removed
- 237,114 breaches discovered
- 15,644 cleartext credentials discovered
Removal of numerous exposed profiles:
- 1,873,000+ pieces of family PII
- 1,087,000+ pieces of network PII
- 1,169,000+ pieces of contact information
- 950,000+ pieces of background PII
Initial Digital Risk Scores
Current Digital Risk Scores
Understanding Risk Measurement and Mitigation
In the charts above, every dot is an employee. The X axis shows the target’s overall value, and the Y axis shows the target’s accessibility.
Access: The Access score measures how accessible a person appears to threat actors outside your perimeter. Scoring includes overall vitals, biographics, openness, and activity metrics.
Higher Access scores = relatively easier for attackers to research, approach, and communicate with.
Value: The Value score measures how attractive a target appears from an attacker’s perspective. Scoring includes overall security, privileges, network, and exposure.
High Value scores = most worthwhile for attackers to target, directly or through impersonation.
Beyond Technical Protection: Business Impact
The implementation of VanishID’s solution delivered several key business benefits:
- Reduced Social Engineering Success Rates: By removing the personal information that fuels targeted attacks, the company experienced fewer successful social engineering attempts.
- Enhanced Security Posture: The dramatic reduction in exposed PII strengthened the company’s overall defense against human-targeted attacks—often the starting point for more severe security breaches.
- Operational Efficiency: Instead of dedicating internal resources to remove personal information manually, the automated solution handled this task continuously, allowing the security team to focus on other priorities.
- Family Protection: The expanded protection to executive family members closed a significant vulnerability gap, as family members are often targeted as indirect entry points to company systems.
Looking Forward: Building on Success
Initial success has fueled program expansion. VanishID coverage now extends well beyond the founding executive group to thousands of leaders, with enrolled executives championing further expansion to the broader employee population as a company benefit. The Privacy Briefings continue to resonate with leadership, while the security teams value the minimal operational lift.
