How a large healthcare insurer discovered and remediated critical security and compliance gaps in SAP RISE through advanced penetration testing
The customer is a large U.S.-based healthcare insurance provider, supporting millions of members and providers. The organization relies on SAP S/4HANA systems deployed under SAP RISE to run mission-critical finance, claims, procurement, and operational processes. Due to the sensitivity of healthcare and financial data, the organization must maintain a strong security posture and demonstrate compliance with mandatory SAP RISE security requirements and regulatory standards.
Following its migration to SAP RISE, the organization needed to address the shared responsibility model for security. While SAP manages infrastructure and platform-level controls, responsibility for application security, system configuration, integrations, and compliance with mandatory SAP RISE security parameters remains with the customer. The security team lacked assurance that the environment was resilient against real-world attack techniques and that system configurations fully met SAP-defined mandatory requirements. There was also concern that configuration and compliance gaps could expose the organization to both cyber attacks and contractual or audit risk.
The organization engaged Layer Seven Security to conduct penetration testing for its SAP RISE solutions combined with a compliance gap assessment against mandatory SAP RISE security and hardening requirements. The objective was to determine whether critical vulnerabilities existed that could be exploited to compromise SAP systems, to validate compliance with SAP-mandated security parameters, and to provide defensible evidence of due diligence. The engagement aimed to prioritize remediation based on demonstrated business impact and compliance risk.
Layer Seven Security performed a structured engagement aligned with SAP RISE rules of engagement. The scope included SAP S/4HANA Cloud systems, relevant integrations, exposed services, and application-level configurations under the customer’s responsibility. Penetration testing combined black-box and white-box techniques to simulate both external attackers and insider threat scenarios. Using a mix of manual and automated methods, testers conducted reconnaissance, identified vulnerabilities, exploited weaknesses, and demonstrated end-to-end attack paths without disrupting production operations. In parallel, a compliance gap assessment evaluated system settings against mandatory SAP RISE security parameters and hardening requirements defined by SAP for cloud ERP environments. Findings from penetration testing and compliance analysis were correlated to highlight where configuration gaps directly enabled successful exploitation.
The penetration testing uncovered critical vulnerabilities in SAP solutions that were successfully exploited by the testers to achieve full compromise of the SAP environment. Exploitation paths demonstrated how attackers could escalate privileges, access sensitive business and personal data, and gain control over critical SAP processes. The compliance gap assessment revealed multiple deviations from mandatory SAP RISE security requirements, several of which directly contributed to the successful compromise. By linking compliance gaps to proven attack scenarios, the organization gained clear visibility into the risk posed by misconfigurations and insufficient controls. Remediation efforts focused on closing these gaps, significantly reducing the attack surface and eliminating the exploit paths identified during testing.
The findings had a substantial impact on the organization’s security and risk posture. By addressing the critical vulnerabilities and compliance gaps identified, the organization reduced the risk of data breaches, fraud, service disruption, and regulatory penalties. Closing the gaps strengthened adherence to SAP RISE contractual security obligations, improved audit readiness, and helped ensure continued SAP support eligibility. The engagement also increased executive awareness of SAP cyber risk and provided a clear, prioritized roadmap for improving SAP cloud security. As a result, the organization significantly improved confidence in the resilience of its SAP RISE environment against advanced attack scenarios.
This case study illustrates how a large healthcare insurer used penetration testing and an SAP RISE compliance assessment to expose and remediate critical security weaknesses. By demonstrating full compromise of SAP systems and correlating attack paths with compliance gaps, the engagement delivered actionable insight into real-world risk. Closing the identified gaps resulted in a more secure, compliant, and resilient SAP RISE landscape capable of supporting critical business operations in a highly regulated industry.