"When it comes to providing optimal patient care, the use of high-quality technical solutions to support medical treatment processes is essential. "
— Robin Willner, IT Project Manager, Dresden University Hospital
Healthcare remains one of the most frequently targeted sectors in the world. One reason is that health data is incredibly valuable on the black market. Another is that hospitals and clinics are part of critical infrastructure, marking them as attractive and often lucrative targets for ransomware.
Despite validating cyber resilience through regular penetration testing, Dresden University Hospital (UKD) IT Project Manager Robin Willner knew it wasn’t enough. Refusing to take even the slightest chance that his organization’s infrastructure might be compromised, Willner worked with BlackBerry and global solutions provider ISEC7 to perform a full Compromise Assessment (CA) across the organization.
Evaluated the protection of more than 10,000 endpoints
Analyzed coverage for more than 80% of apps and systems
Completed the full assessment and delivering actionable results within a couple months' time
In modern medicine, practically no process is conceivable without IT
— Robin Willner, IT Project Manager, Dresden University Hospital
Fulfilling a Duty of Care
UKD is comprised of seven institutes, 19 interdisciplinary centers, and 25 clinics and polyclinics. Supported by its 5,300 employees, the organization offers services that span the full spectrum of modern medicine. High-performance IT is crucial to delivering these services, and protecting it is a top priority for UKD. This reflects UKD's responsibility as part of the Dresden’s regional critical infrastructure, and legal mandates to manage and reduce cyber risks.
IT's Major Role in Healthcare
Trust is the basis of success in both medicine and information technology. That forms the basis of UKD’s choice of ISEC7 as a trusted advisor, and why the two organizations have continued to work together for many years. A BlackBerry Emerald partner, the Hamburg-based company is globally recognized as a provider of digital workplace and managed mobility services. It also adheres to numerous standards and certifications required by customers such as UKD.
In early 2022, UKD decided to conduct an analysis of its IT security. ISEC7 advised the organization to work with BlackBerry® Cybersecurity Services. After several intensive discussions with ISEC7 and BlackBerry, UKD conducted a rigorous and wide-ranging Compromise Assessment during the summer of 2022.
Securing a Path to Greater Transparency
Performed by experts from the BlackBerry Cybersecurity Services team, such a Compromise Assessment provides detailed indications of active or previous cyberattacks. It also detects data loss and manipulation, and uncovers anomalous activities, behaviors, and configurations.
This deep and globally-corelated historical analysis of an organization’s IT architecture helps to proactively prevent future incidents. Distributed directly to endpoints, BlackBerry’s resource-efficient tools also allow analysis without impacting ongoing operations, which was absolutely critical for UKD.
Had the analysis revealed an ongoing attack, BlackBerry could have seamlessly moved to incident response, traced the full attack chain, and stopped the attack. In this case, the assessment uncovered no critical indicators. BlackBerry generated a final report in October 2022, along with a threat hunting report and catalog of prioritized strategic and tactical risk reduction recommendations.
No More Doubts
Looking back on the engagement, everyone involved in the project has declared themselves satisfied: “The hospital has gained insight into the history of its IT environment,” says Willner. “In terms of its security level, all residual doubts have been eliminated and a hidden attack has been ruled out.”
Willner and the UKD team are now building upon the level of security they have achieved, by putting sustainable security improvements into practice. BlackBerry's recommended actions enabled UKD's internal teams to carry this out. “No matter how secure you feel, there will always be room for optimization,” Willner declares. “After all, a Compromise Assessment is only a snapshot in time.” He adds that advocating for improvements, and analysis like the Compromise Assessment, is crucial: “Nothing works without budget, resources and proper preparation.”
Industry
Location
Products
- Compromise Assessment from BlackBerry Cybersecurity Services