Imelda Hospital

Imelda Hospital Locks Down Data Access with Varonis

The Customer

Location: Bonheiden, Belgium

Industry: Healthcare

Products: DatAdvantage and DatAlert

Located in the forests of Bonheiden in Belgium, Imelda Hospital is a modern, dynamic general hospital providing high-quality patient care through the most innovative techniques. Serving the local area, it has more than 500 beds and manages 41,000 hospital admissions and more than 180,000 consultations per year.

We are always looking for ways in which we can improve how we protect the privacy and security of our data. With the introduction of the EU General Data Protection Regulation (GDPR) this is of particular importance; we needed to consider any ways in which we could strengthen protections and ensure that sensitive data was not at risk of theft or loss.

— Florin, security engineer

Background

Imelda Hospital attaches great importance not only to the standards of health care for its patients but also to new advancements in technology and is constantly updating its techniques to reflect this ethos. This translates not only to its modern approach to medical practices but also underpins the processes across the administration of the hospital.

It places the protection and integrity of its information assets at the heart of its security strategy. With 1,400 employees, 160 doctors and more than 100 volunteers, it is essential that access to data is locked down, and that sensitive information is protected and managed in the most effective way.

The IT team is responsible for managing networks and security in the hospital and is tasked with ensuring that the controls around the privacy and security of data are fit for purpose.

A security engineer for the hospital, Florin, comments, “We have a reputation for delivering the highest standards in patient care and this objective for excellence is something that filters right across the whole hospital. IT security and the protection of sensitive information, from patient and clinical data to financial and personnel records, are a high priority.”

Protecting Critical Data in the Age of Ransomware

The hospital knew that it needed to tighten up global access controls to file shares, so that only the right groups of people could access the information they needed. In addition, they wanted a more efficient and automated way to identify anomalous behaviour — such as files opened by individuals who don’t normally access them or human users suddenly behaving like ransomware — that could indicate a security threat.

As Florin explains, “We are always looking for ways in which we can improve how we protect the privacy and security of our data. With the introduction of the EU General Data Protection Regulation (GDPR) this is of particular importance; we needed to consider any ways in which we could strengthen protections and ensure that sensitive data was not at risk of theft or loss.”

There were further security challenges. Like many organisations, the Imelda Hospital had been the target of the CryptoLocker ransomware. These attacks on the Windows operating system could encrypt users’ files and spread to mapped network drives if the controls and protection around data are not in place. If a compromised individual has global access rights, all the data that they can access will be encrypted. Although the attacks had not been successful, the hospital wanted additional security measures placed around the data to reduce risk.

Taking Control of Sensitive Data with Varonis

After evaluating several products, Imelda Hospital deployed Varonis’ DatAdvantage, which not only provides visibility into the location of sensitive data, but can also pinpoint users that have access to files they do not need to do their job in easy-to-use reports. The hospital also deployed DatAlert to notify the team of any suspicious activity and potential security risks.

“Varonis offered the best solution for us, not only in terms of performance but also its ease of use. Deployment was straightforward and, in a matter of hours, it was up and running.”

Almost immediately, the team recognised the difference that Varonis delivered by alerting the team to any changes or anomalous activity that could pose a risk, automatically. The team is using DatAdvantage to track changes to privileged groups, such as Domain Administrators, and alert on important changes to group policies, password settings, permissions, and more.

Imelda eliminated global access to sensitive data and is enforcing a least privilege model, only granting access on a need-to-know basis. From a compliance standpoint, the hospital now has a robust system for auditing the exact location of its sensitive data.

Moving from manual to automated processes means that the team saves time. “Varonis removed a lot of laborious processes, making it very easy to search for information, rather than having to go through different scripts and logs. We can also be far more proactive in detecting potential threats. In the past, we would have had to wait for a problem and then start searching to find out where the issue originated. Now we get alerts that pinpoint where there’s an issue. It’s a great solution — even if something small changes, we’re immediately notified and can take action.”

Florin is equally impressed with the support from Varonis. “We’ve had no issues with the product itself and have had excellent support from the team. Upgrades are straightforward and if we have any queries we always get a prompt response. Each year we’re striving to get better, so we have to know we’re taking the best possible measures when it comes to protecting our most sensitive information. With Varonis, we know we are in control.”

***

Varonis Risk Assessments quickly show you where your most vulnerable data is stored, who is accessing it, and what needs to be done to secure it. Find out more here.