Case Study

How Imelda Hospital locks down data access with Varonis

41,000

hospital admissions

GDPR

compliance

>1,400

employees

Each year we’re striving to get better, so we have to know we’re taking the best possible measures when it comes to protecting our most sensitive information. With Varonis, we know we are in control.

Florin, Security Engineer, Imelda Hospital

Challenge

The hospital knew that it needed to tighten up global access controls to file shares, so that only the right groups of people could access the information they needed. In addition, they wanted a more efficient and automated way to identify anomalous behaviour — such as files opened by individuals who don’t normally access them or human users suddenly behaving like ransomware — that could indicate a security threat.

There were further security challenges. Like many organisations, Imelda Hospital had been the target of the CryptoLocker ransomware. These attacks on the Windows operating system could encrypt users’ files and spread to mapped network drives if the controls and protection around data are not in place. If a compromised individual has global access rights, all the data that they can access will be encrypted. Although the attacks had not been successful, the hospital wanted additional security measures placed around the data to reduce risk.

We are always looking for ways in which we can improve how we protect the privacy and security of our data. With the introduction of the EU General Data Protection Regulation (GDPR) this is of particular importance; we needed to consider any ways in which we could strengthen protections and ensure that sensitive data was not at risk of theft or loss.

Florin, Security Engineer, Imelda Hospital

Solution

  • Take control of sensitive data: After evaluating several products, Imelda Hospital deployed Varonis’ DatAdvantage, which not only provides visibility into the location of sensitive data, but can also pinpoint users that have access to files they do not need to do their job in easy-to-use reports. The hospital also deployed DatAlert to notify the team of any suspicious activity and potential security risks.
  • Enforce a least-privilege model and prepare for audits: Imelda eliminated global access to sensitive data and is enforcing a least privilege model, only granting access on a need-to-know basis. From a compliance standpoint, the hospital now has a robust system for auditing the exact location of its sensitive data.
  • Increase staff efficiency with automation: Moving from manual to automated processes means that the team saves time.

Varonis removed a lot of laborious processes, making it very easy to search for information, rather than having to go through different scripts and logs. We can also be far more proactive in detecting potential threats. In the past, we would have had to wait for a problem and then start searching to find out where the issue originated. Now we get alerts that pinpoint where there’s an issue. It’s a great solution — even if something small changes, we’re immediately notified and can take action.

Florin, Security Engineer, Imelda Hospital

Customer Profile

  • Customer: Imelda Hospital
  • Industry: Healthcare
  • Location: Bonheiden, Belgium

Varonis Products

See what products Imelda uses to protect their sensitive data.

Read more

See how Imelda Hospital uses Varonis to take control of sensitive data.

Download PDF
Learn More

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.