The vulnerability assessment revealed several critical security gaps that posed significant risks to UNMU’s network infrastructure and sensitive data. Most alarmingly, we discovered unsecured Protected Health Information (PHI) due to weak or absent database encryption, leaving nurses’ and midwives’ personal and medical records vulnerable to exposure. Additionally, multiple servers were running outdated operating systems (Windows Server 2012) and unpatched Linux distributions, exposing them to known exploits. Further inspection identified open Remote Desktop Protocol (RDP) ports accessible from public networks, creating a prime entry point for ransomware and brute-force attacks. Weak authentication measures, including default credentials on administrative panels and lax password policies, compounded these risks, while misconfigured cloud storage buckets exposed internal documents to unauthorized public access. To remediate these issues, we immediately enforced stronger encryption protocols (AES-256) for PHI, applied critical patches and OS upgrades, disabled unnecessary RDP access, implemented multi-factor authentication (MFA), and reconfigured cloud storage permissions with strict access controls. These measures significantly hardened UNMU’s security posture, ensuring compliance with data protection regulations while mitigating the risk of breaches.