Skip to content
Contact Us

Securing EQL's GenPhio Platform

EQL. Phio. logo

Industry

Digital Health

Challenge

EQL needed to secure its Phio SaMD platform, which processes sensitive patient data, while preparing for Cyber Essentials Plus certification. The team faced the challenge of uncovering vulnerabilities in a live production environment without disrupting care delivery.

Results

Periculo’s penetration testing uncovered and resolved key risks, enabling EQL to progress confidently towards CE+ certification. The engagement strengthened compliance, safeguarded patient trust, and validated GenPhio’s security without impacting uptime.

Services

CREST Penetration Testing, Cyber Essentials

www.eql.ai/

“The Periculo team was professional and thorough throughout the entire process. Their detailed report and expert guidance were invaluable in helping us address vulnerabilities in our system. We’re now more confident in our ability to protect sensitive data and meet regulatory standards.”— , EQL

Patrycja Banaszczyk

EQL

Phio. logo

GenPhio

EQL is a digital health innovator focused on accessible, AI-driven musculoskeletal care through their platform Phio.  As part of their mission to deliver clinically robust solutions that prioritise patient outcomes, the team recognised the importance of ensuring their digital infrastructure met the highest cybersecurity standards. This was particularly pressing as they prepared for Cyber Essentials Plus (CE+) certification—a key requirement for building trust with both patients and healthcare stakeholders, including the NHS.

Operating within a live production environment presented a unique challenge. EQL needed to identify and remediate security risks without disrupting the continuity of care their platform provided. Balancing the demands of compliance, operational reliability, and patient trust required a careful, expert-led approach.

The Challenge

GenPhio, EQL’s core digital platform, is central to delivering remote triage and MSK care. It processes and stores highly sensitive patient data, making it an attractive target for cyberattacks. With the healthtech sector facing increasing regulatory scrutiny and heightened cyber threats, EQL had to address several critical risks.

One major concern was the potential exposure of patient data to breaches. Such an incident could not only violate GDPR but also erode the trust that patients and healthcare providers place in the platform. Another pressing challenge was the risk of service interruptions caused by unpatched vulnerabilities. Any downtime or disruption would directly impact patient care, undermining the platform’s reliability.

Furthermore, falling short of CE+ certification posed both reputational and commercial risks. Without achieving the accreditation, EQL could have faced barriers in procurement opportunities and credibility challenges when working with NHS stakeholders. Finally, conducting security assessments in a live production environment created added complexity. Any testing had to be rigorous enough to uncover hidden vulnerabilities while remaining non-disruptive to day-to-day operations.

The Solution

Periculo partnered with EQL to design a bespoke penetration testing engagement tailored specifically to the unique demands of the GenPhio platform. The primary objectives were to uncover vulnerabilities before they could be exploited, reduce operational risk, and create a clear, achievable path to CE+ readiness.

To achieve this, we carried out end-to-end penetration testing that focused squarely on the platform’s production deployment. This approach ensured that the testing was realistic and aligned to how the system is used in practice. Risks were prioritised according to their potential impact on patient safety and data confidentiality, allowing EQL to focus resources on the most critical issues.

All findings were documented in a clear, accessible report written in plain English. Beyond highlighting vulnerabilities, the report offered actionable remediation steps that mapped directly to CE+ control requirements. To enhance visibility and accountability, we also integrated the results into Harpe, Periculo’s proprietary security findings tracker. This gave EQL’s team real-time oversight of outstanding issues, remediation progress, and overall security posture.

Implementation

The engagement was executed in close collaboration with EQL’s internal engineering and compliance teams. The process began with a preparation phase, during which Periculo worked with stakeholders to carefully scope the testing and establish secure access to the live environment. This ensured that testing could proceed safely without the risk of disrupting operations.

Our consultants then conducted a comprehensive penetration test designed to probe for weaknesses while ensuring zero disruption to GenPhio’s live services. The assessment identified two medium-severity findings, each of which was documented in detail with tactical guidance on immediate fixes as well as longer-term strategic recommendations.

Following the assessment, we delivered a final report and facilitated a debrief session with EQL’s team. This collaborative follow-up allowed the client to fully understand the findings, clarify any technical considerations, and take ownership of the next steps with confidence.

Results

Through this engagement, EQL was able to:

  • Resolve critical vulnerabilities before they could be exploited in the wild.

  • Demonstrate tangible progress toward Cyber Essentials Plus certification.

  • Increase internal visibility with real-time risk tracking via Harpe.

  • Gain assurance that their GenPhio platform met security best practices without sacrificing uptime or product performance.

EQL’s partnership with Periculo enabled the secure evolution of the GenPhio platform—advancing compliance goals, protecting patient data, and building trust with users and regulators alike. This engagement reflects how security can be seamlessly integrated into digital health innovation without slowing momentum.

Ready to get started?

Call to action