The Challenge
Few organizations need to process large volumes of sensitive and private data like those in the health care sector. It is no exaggeration to describe the hospital’s need for operational resilience as critical.
Like all hospitals, this company must manage and maintain a large range of specialist systems, including life-saving medical equipment. Ensuring that these systems are always operational, and that personal patient data can be accessed and shared across a network instantaneously to facilitate medical care, is paramount. Simultaneously, a strict duty exists to ensure that such sensitive and personal information does not end up in the wrong hands.
The organization must also ensure that it is compliant with the requirements of the GDPR, NIS Directive and CQC, which mandate that personal data is suitably protected and breaches are promptly detected, responded to and, when necessary, reported.
The hospital had firewalls and antivirus software but wanted to improve visibility of events inside its network to detect advanced threats capable of evading these controls. At the hospital, security is viewed as a sub-function of the IT department, but the team of six just didn’t have the resources to manage the technologies required to perform 24/7 security monitoring alongside other day-to-day responsibilities. The hospital’s Head of IT says, “Our patients trust us to protect their personal information and by working with Kroll, we extend that trust to them.”
Kroll's Solution
Knowing that the hospital needed a managed service to provide the capabilities required for proactive network monitoring, the Head of IT for the hospital spent considerable time researching suitable providers to find a solution that met his requirements. Kroll and its MDR service, Kroll Responder, stood out from the crowd, offering a high level of specialist security expertise and technology, plus support to manage cyber incidents.
Combining 24/7/365 security professionals, best-in-class network and endpoint detection tools, and up-to-the-minute industry intelligence, Kroll Responder helps the organization identify, contain and respond to cyber threats, ensuring the continual protection of its systems and data.
The Kroll Responder deployment comprises a leading SIEM technology and Carbon Black Response. Combining these two solutions enables Kroll to achieve wide visibility of events across the hospital’s network and endpoints to detect and respond swiftly to malicious activity whenever it occurs. The network and endpoints are strengthened with detection and monitoring geared towards identifying a wide range of threats, from malware and ransomware to suspicious account activity.
The Impact
Quick and Hassle-free Technology Deployment
When deploying Kroll Responder, Kroll’s engineering team worked hand in hand with the hospital’s IT team to design and deploy a solution that is needs-driven and provides maximum threat visibility. The technology underpinning the solution was installed and then configured to meet the team’s exacting requirements.
24/7 Network and Endpoint Monitoring
Kroll’s global security operations center (SOC) professionals monitor the hospital’s infrastructure around the clock and investigate, analyze and triage security alerts generated by the underlying technologies. In the first six months following the deployment of the service, the hospital’s systems generated over 6,200 security alerts. The team at Kroll triaged every one of these alerts to remove false positives and ensure that only genuine incidents were reported for remediation.
Swift Incident Response
Kroll’s global SOCs are always on hand not only to report threats but to help the hospital respond to them. On one occasion, the hospital was on the receiving end of an advanced persistent malware attack that targeted multiple endpoints and sought to harvest user credentials and exfiltrate data. Using Carbon Black Response, the Kroll team was able to quickly identify infected endpoints, isolate them from the network and analyze the chain of events associated with the attack to help prevent similar attacks. Had Kroll Responder not been engaged at this time, it’s likely that the attack would have caused significant damage to the hospital’s systems.
Clear Remediation Support
Following the detection of incidents, Kroll’s SOC analysts provide all the advice and support that the hospital needs to quickly address issues and minimize any potential disruption. Kroll’s Redscan threat management platform enables the SOCs to communicate securely with the company’s in-house team.
Seamless Integration with the In-house IT Team
The Head of IT describes Kroll’s SOC professionals as an extension of his in-house team. He’s on first-name terms with Kroll’s analysts and relies on their assistance to not just detect threats but also respond quickly and effectively to them.
Total Reporting Coverage
Kroll provides weekly and monthly reports that help the management team stay abreast of the hospital’s security posture. The reports help demonstrate compliance with the GDPR, CQC and NIS Directive to give confidence that appropriate controls are in place.
Cost Effective
The hospital is very happy with the value of the service, which offers huge savings compared to the cost of maintaining an in-house team to provide an equivalent threat monitoring and detection capability. Kroll Responder ensures that the hospital doesn’t need to make a large capital investment in resources, recruit and train staff, or regularly invest in new security technologies.