A mid-sized medical clinic needed to raise its level of cybersecurity to protect patient data, intellectual property, and supply chain systems, while also meeting industry and regional requirements. Mediafon Technology delivered a tailored Security Operations Center as a Service (SOCaaS) solution, including continuous monitoring, rapid incident response, vulnerability management, and compliance reporting. The collaboration shortened detection and response times, eliminated critical vulnerabilities, and allowed the IT team to focus on business initiatives instead of reacting to security alerts.
The organization's environment includes:
● Sensitive patient and partner data (personal and medical data)
● Design and production information (intellectual property)
● A distributed IT infrastructure, including OT segments in the factory, ERP, VPN partners, and office IT
Due to the nature of its operations, the client needed a compliant and cost-effective operational security capability.
Challenges limiting effective protection of the IT and OT environment
The client faced several challenges:
● Lack of 24/7 security monitoring — incidents were detected sporadically and only during staff working hours.
● Limited internal capabilities — no dedicated SOC/IR team.
● Regulatory pressure — the need to demonstrate controls for data protection and supplier requirements.
● OT/IT convergence risks — growing integration of production and office systems without centralized monitoring.
● Alert fatigue and false positives — limited triage capability increased the risk of missing real incidents.
Project objectives
● Implement continuous 24/7 monitoring and alerting for key systems (network, endpoints, servers, cloud services, OT gateways).
● Reduce MTTD and MTTR.
● Launch vulnerability scanning and define a prioritized remediation plan.
● Deliver compliance reports for management and auditors.
● Ensure clear escalation paths as well as periodic training and advisory support.
Solution delivered by Mediafon Technology
Initial security assessment
Asset discovery, attack surface mapping, risk assessment, and prioritized recommendations.
Integration and telemetry
Log centralization (SIEM) with integration of:
– network devices (firewalls, switches)
– endpoints (EDR)
– cloud services (SaaS logs, identity providers)
– OT gateways (where possible, read-only mode)
– vulnerability scanners and external threat intelligence sources
24/7 monitoring and alerting
● Alert analysis, triage, enrichment, and context building.
● Triage playbooks for common incidents (malware, phishing, lateral movement, OT anomalies).
Incident response and remediation
● Rapid response procedures, defined escalation paths, and incident containment instructions.
● Coordination of data preservation for forensic analysis.
Vulnerability management
Regular scans, risk assessment, and remediation ticketing aligned with deployment windows.
Reporting and compliance
Monthly management reports, quarterly threat reviews, and compliance packages for auditors.
Knowledge transfer and training
Workshops for IT teams: secure configuration, incident escalation, tabletop exercises.
Operational benefits: IT incident-related workload decreased by 40–60%, enabling the delivery of business projects.
Risk reduction: Proactive threat hunting and vulnerability management reduced the attack surface and the risk of operational disruption.
IT team: Overall workload was reduced.
In the first month, a phishing attempt was thwarted, preventing a potential loss of approximately €50,000.
Audit readiness: The client now has regular reports confirming continuous monitoring and incident handling, increasing supplier trust and regulatory compliance.
Mediafon Technology
Mediafon Technology is a Lithuanian company specializing in cybersecurity solutions, IT monitoring, and SOC as a Service offerings. It provides comprehensive support for protecting IT infrastructure, vulnerability management, and compliance with the NIS2 Directive. Its services include continuous security monitoring, incident analysis, expert consulting, and regular IT audits.
Schedule a demo and learn more
To schedule individual demonstrations, partner training sessions, or pilot projects, please contact the Business Development Manager at Oberig IT – Krystian Hofman.