Download PDF
Rapid7 > Case Studies > Enhancing Cybersecurity in Healthcare: A Case Study of The Royal Orthopaedic Hospital and Rapid7 Partnership
Rapid7 Logo

Enhancing Cybersecurity in Healthcare: A Case Study of The Royal Orthopaedic Hospital and Rapid7 Partnership

Technology Category
  • Analytics & Modeling - Real Time Analytics
  • Sensors - Temperature Sensors
Applicable Industries
  • Healthcare & Hospitals
  • National Security & Defense
Applicable Functions
  • Procurement
Use Cases
  • Cybersecurity
  • Tamper Detection
Services
  • Cybersecurity Services
The Challenge
The Royal Orthopaedic Hospital in Birmingham, England, one of the largest specialist orthopedic centers in Europe, faced significant cybersecurity challenges. The hospital's IT department, led by Ray Mian and Ajmal Khan, was tasked with protecting patient and healthcare records and the IT infrastructure from ransomware attacks. The stakes were high, as any system downtime could have drastic consequences in the hospital environment. A significant challenge was the lack of visibility in the environment. The team was unable to identify their assets and lacked the necessary tools for visibility, discovery, and analysis to assess their security posture within the organization. This lack of visibility was identified as a key weakness in their cybersecurity strategy.
About The Customer
The Royal Orthopaedic Hospital, located in Birmingham, England, has been a pioneer in orthopedic care since 1877. It is one of the largest specialist orthopedic centers in Europe, serving patients from the U.K., Europe, and around the world. The hospital operates on a single campus with two on-site data centers and 250 virtual servers. The hospital's IT department, consisting of 20 members, is responsible for managing cybersecurity, ensuring the protection of patient and healthcare records, and the IT infrastructure from potential cyber threats. The department operates around the clock, seven days a week, to maintain the critical networks.
The Solution
To address these challenges, The Royal Orthopaedic Hospital implemented Rapid7's InsightVM, InsightIDR, and InsightConnect solutions. These products were chosen for their ease of deployment, automation capabilities, and cloud-based operation, which were ideal for the hospital's small security team. The solutions provided real-time visibility into the hospital's environment, allowing the team to scan all assets and identify discrepancies between expected and actual results. The hospital deployed Rapid7 Insight Agents on all end-user devices to maintain visibility even when devices left the hospital environment. InsightVM enabled the team to scan all subnets in their infrastructure, prioritize patching and remediation, and provide richer information regarding risk. InsightIDR was integrated with about 10 systems as event sources, providing log aggregation, user behavior analysis, and threat intelligence. The team also worked on automating their incident response using InsightConnect, Rapid7’s Security Orchestration Automation and Response (SOAR) solution.
Operational Impact
  • The implementation of Rapid7's solutions has significantly improved the hospital's cybersecurity posture. The real-time visibility provided by these solutions has been critical in identifying and addressing potential threats. The hospital now has a comprehensive view of its environment, which is crucial for staying ahead of the threat landscape and being proactive in its cybersecurity efforts. The solutions have also helped the hospital meet various compliance and regulatory requirements, such as the UK’s DSPT, Cyber Essentials PLUS, and GDPR. The automation capabilities of the solutions have allowed the hospital to scale its operations and focus on critical security tasks. The hospital has achieved its major security goals, including visibility, staying on top of the threat landscape, and meeting operational security objectives.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.