Proofpoint: Email Security Gateway
MX: mxa/mxb-00039202.gslb.pphosted.com (pri 10)
DMARC: p=quarantine (NOT reject). Sister domains medcity.net + sarahcannon.com use p=reject
SPF: Soft fail (~all) — should be -all
DKIM: Present (custom selectors)
Est. Activation: ~2018–2020 High
CF Opportunity: CF Email Security — primary domain has WEAKER email protection than internal domains

Okta: SSO / Identity (4 Tenants)
Category: Identity & Access Management
hca.okta.com: Active (Primary corporate SSO)
hcahealthcare.okta.com: Active (Next-gen (tng) infra — migration?)
hcait.okta.com: Active (IT-specific tenant)
medcity.okta.com: HTTP 429 (Rate-limited, likely active)
Zero Trust: Shadow subdomains (vpn, citrix, adfs, sso) publicly resolvable — not a full ZT architecture
Est. Activation: ~2018–2020 95%
CF Opportunity: Cloudflare One (ZTNA + SASE) — 180+ hospitals, 275K employees, replace public DNS for internal apps

Imperva: WAF (UK Only)
Category: WAF — UK Operations Only
Domain: hcahealthcare.co.uk
Evidence: visid_incap_*, nlbi_*, incap_ses_* cookies
DNS: AWS Route 53 (independent from US)
Key Insight: UK team made independent technology decisions — different DNS, WAF, hosting, and cert CA from US
CF Opportunity: Displace Imperva on UK — Cloudflare already in 4 places across HCA

VPN / Remote Access: ehc.com (Hidden Domain)
Category: Remote Access / VPN
Discovery: VPN cert reveals *.secure.ehc.com. Previously unknown HCA domain
ehc.com DNS: medcity.net nameservers (HCA-owned)
Email: Same Proofpoint (customer ID 00039202)
DMARC: p=reject (stronger than hcahealthcare.com!)
CF Opportunity: Cloudflare Tunnel replaces VPN — no public DNS exposure needed

Salesforce / ExactTarget: CRM + Marketing Cloud
Category: CRM & Email Marketing
CRM: Salesforce (org: 00D5e000003Rx8W)
Marketing: m.hcahealthcare.com → ExactTarget. Reverse DNS still says exacttarget.com (pre-2013 Salesforce acquisition)
Legacy Risk: Infrastructure unchanged for 10+ years
Breach Link: July 2023 breach (11M records) involved "external storage for email formatting" — possibly related