IoT Case Study: Enhancing Data Security in Healthcare with Managed Detection and Response

The customer in this case study is a leading private hospital based in London, UK. Founded in 1982, the hospital has a reputation for illustrious patronage and is known for processing large volumes of sensitive and private patient data. The hospital manages and maintains a wide range of specialist systems, including life-saving medical equipment. It is committed to ensuring that these systems are always operational and that personal patient data can be accessed and shared across a network instantaneously to facilitate medical care. The hospital also has a strict duty to protect this sensitive information from unauthorized access. Furthermore, it is obligated to comply with the requirements of the GDPR, NIS Directive, and Care Quality Commission (CQC), which mandate the protection of personal data and prompt detection and response to breaches.

The case study revolves around a leading private hospital in London, UK, founded in 1982, that was grappling with the challenge of safeguarding large volumes of sensitive and private patient data. The hospital, like all healthcare institutions, had to manage and maintain a wide range of specialist systems, including life-saving medical equipment. Ensuring these systems were always operational and that patient data could be accessed and shared across the network instantaneously was crucial. At the same time, the hospital had a strict duty to prevent this sensitive information from falling into the wrong hands. The hospital also had to comply with the requirements of the GDPR, NIS Directive, and Care Quality Commission (CQC), which mandate that personal data is suitably protected and breaches are promptly detected, responded to, and reported. Despite having firewalls and antivirus software, the hospital sought to improve visibility of events inside its network to detect advanced threats capable of evading these controls. The hospital's IT department, a team of six, lacked the resources to manage the technologies required for 24/7 security monitoring.

To address these challenges, the hospital turned to Redscan's Managed Detection and Response (MDR) service. The Head of IT for the hospital spent considerable time researching suitable providers and found that Redscan offered a high level of specialist security expertise and technology, plus support to manage cyber incidents. The MDR service combines 24/7/365 security professionals, best-in-class network and endpoint detection tools, and up-to-the-minute industry intelligence to help the hospital identify, contain, and respond to cyber threats. The MDR deployment comprises of AlienVault® USM Anywhere™ and Carbon Black Response. These two solutions enable Redscan to achieve wide visibility of events across the hospital’s network and endpoints to detect and respond swiftly to malicious activity. The network and endpoints are strengthened with detection and monitoring geared towards identifying a wide range of threats, from malware and ransomware to suspicious account activity.

• The deployment of Redscan’s MDR service resulted in quick and hassle-free technology deployment. Redscan’s engineering team worked closely with the hospital's IT team to design and deploy a solution that met the hospital’s specific needs and provided maximum threat visibility. Redscan’s CSOC professionals monitor the company's infrastructure around the clock and investigate, analyse and triage security alerts. They also provide swift incident response and clear remediation support. The Head of IT views Redscan’s CSOC professionals as an extension of his in-house team and relies on their assistance to detect and respond to threats quickly and effectively. Redscan also provides weekly and monthly reports that help the management team stay abreast of the hospital’s security posture and demonstrate compliance with the GDPR, CQC, and NIS Directive.

• Redscan’s MDR service generated over 6200 security alerts in the first six months following deployment, all of which were triaged to remove false positives and ensure that only genuine incidents were reported for remediation.

• The hospital saved significantly on costs compared to maintaining an in-house team to provide equivalent threat monitoring and detection capability.

• The service eliminated the need for the hospital to make a large capital investment in resources, recruit and train staff, or regularly invest in new security technologies.