Healthcare Practice Scales 12 → 47 Endpoints with HIPAA-Aware IT
A growing NJ healthcare practice migrated to Microsoft 365, segmented its network, and tripled its endpoint count without IT growing pains or compliance gaps.
- 47 endpoints under management
- 3 locations on unified network
- 0 PHI-related security incidents in 18 months
- 14 min average ticket response time

Timeline: 8 weeks for initial migration, ongoing managed services
The challenge
A specialty healthcare practice in northern New Jersey had grown from a single location with 12 staff to a three-location group with 47 endpoints in under two years. Their original IT was a part-time consultant and a Synology NAS. Their EHR ran on a single on-prem server in the original location's back office. Compliance documentation was thin. Their malpractice carrier had begun asking pointed questions about HIPAA-aware infrastructure. Leadership wanted to keep growing — there was a fourth location in the works — but knew the IT model was at its limit.
Where they were
One physical server with the EHR running on it. Local backups to a Synology NAS in the same building. A consumer-grade firewall and unmanaged switches at each location. Email running on a hosted Exchange product with no MFA. PHI flowing through staff personal email accounts to coordinate referrals. No documented BAAs with vendors. No incident response plan.
This is, candidly, the typical state of small-practice healthcare IT before someone forces the issue.
Where they needed to be
A multi-location infrastructure that could handle continued growth. A documented HIPAA-aware control set their malpractice carrier and internal compliance officer could verify. MFA on every PHI-touching system. A backup architecture that would survive a ransomware event. A consistent network at every location that the staff could not accidentally bring down.
What we built
Microsoft 365 migration. Moved email and collaboration from hosted Exchange to M365 Business Premium with full security and compliance features as part of a cloud migration. MFA enforced day one. Conditional access tied to managed devices. Office Message Encryption for any external PHI transmission.
Endpoint management with Intune. Every workstation enrolled in Microsoft Intune. Standardized image, encrypted disks, screen lock policies, application control. Onboarding a new staff member is now a 30-minute process; offboarding is a single click in Entra ID.
Network redesign at every location. Cisco Meraki at all three sites with separate VLANs for clinical, administrative, and guest networks. Site-to-site VPN connecting them. Centrally managed; the same dashboard sees all three.
Backup architecture. Image-based local backups with off-site replication to immutable storage. Quarterly recovery tests with documented results.
EHR on a managed virtual server. Migrated the EHR from on-prem hardware to a managed virtual server with proper backup, monitoring, and patching. No more “the EHR is down because the AC failed in the back office.”
HIPAA documentation. Written policies, BAA tracking with every PHI-touching vendor, annual risk analysis with remediation tracking, documented incident response plan.
HIPAA-tuned training. KnowBe4 with healthcare-specific phishing simulations and PHI-handling training, delivered to every staff member quarterly.
What changed
Onboarding a new location now takes a week, not two months. The fourth location came online with no IT delay. Their malpractice carrier renewal moved from “we have questions” to “everything looks fine” without consulting hours. Tickets are resolved in a fraction of the time they used to be.
The practice manager said it best in the quarterly business review: “I forget IT is a thing. That is the goal, right?”
Stack we used
- Microsoft 365 Business Premium
- Microsoft Intune for device management
- Microsoft Defender for Endpoint
- Datto BCDR with immutable backup
- Cisco Meraki firewall + switch + AP
- KnowBe4 HIPAA-tuned training
"Predictable monthly bill, fast response, and they actually answer the phone. We grew from 12 to 47 endpoints with no IT growing pains."