Rapid7 Case Studies Enhancing Cybersecurity in Healthcare: A Case Study of The Royal Orthopaedic Hospital and Rapid7 Partnership

Edit This Case Study Record

	Enhancing Cybersecurity in Healthcare: A Case Study of The Royal Orthopaedic Hospital and Rapid7 Partnership Rapid7

Enhancing Cybersecurity in Healthcare: A Case Study of The Royal Orthopaedic Hospital and Rapid7 Partnership

Rapid7

Technology Category	Analytics & Modeling - Real Time Analytics Sensors - Temperature Sensors
Applicable Industries	Healthcare & Hospitals National Security & Defense
Applicable Functions	Procurement
Use Cases	Cybersecurity Tamper Detection
Services	Cybersecurity Services
Challenge	The Royal Orthopaedic Hospital in Birmingham, England, one of the largest specialist orthopedic centers in Europe, faced significant cybersecurity challenges. The hospital's IT department, led by Ray Mian and Ajmal Khan, was tasked with protecting patient and healthcare records and the IT infrastructure from ransomware attacks. The stakes were high, as any system downtime could have drastic consequences in the hospital environment. A significant challenge was the lack of visibility in the environment. The team was unable to identify their assets and lacked the necessary tools for visibility, discovery, and analysis to assess their security posture within the organization. This lack of visibility was identified as a key weakness in their cybersecurity strategy. Read More
About Customer	The Royal Orthopaedic Hospital, located in Birmingham, England, has been a pioneer in orthopedic care since 1877. It is one of the largest specialist orthopedic centers in Europe, serving patients from the U.K., Europe, and around the world. The hospital operates on a single campus with two on-site data centers and 250 virtual servers. The hospital's IT department, consisting of 20 members, is responsible for managing cybersecurity, ensuring the protection of patient and healthcare records, and the IT infrastructure from potential cyber threats. The department operates around the clock, seven days a week, to maintain the critical networks. Read More
Solution	To address these challenges, The Royal Orthopaedic Hospital implemented Rapid7's InsightVM, InsightIDR, and InsightConnect solutions. These products were chosen for their ease of deployment, automation capabilities, and cloud-based operation, which were ideal for the hospital's small security team. The solutions provided real-time visibility into the hospital's environment, allowing the team to scan all assets and identify discrepancies between expected and actual results. The hospital deployed Rapid7 Insight Agents on all end-user devices to maintain visibility even when devices left the hospital environment. InsightVM enabled the team to scan all subnets in their infrastructure, prioritize patching and remediation, and provide richer information regarding risk. InsightIDR was integrated with about 10 systems as event sources, providing log aggregation, user behavior analysis, and threat intelligence. The team also worked on automating their incident response using InsightConnect, Rapid7’s Security Orchestration Automation and Response (SOAR) solution. Read More Log in to view content
Contents

Technology Category

Analytics & Modeling - Real Time Analytics

Sensors - Temperature Sensors

Applicable Industries

Healthcare & Hospitals

National Security & Defense

Applicable Functions

Procurement

Use Cases

Cybersecurity

Tamper Detection

Services

Cybersecurity Services

Challenge

The Royal Orthopaedic Hospital in Birmingham, England, one of the largest specialist orthopedic centers in Europe, faced significant cybersecurity challenges. The hospital's IT department, led by Ray Mian and Ajmal Khan, was tasked with protecting patient and healthcare records and the IT infrastructure from ransomware attacks. The stakes were high, as any system downtime could have drastic consequences in the hospital environment. A significant challenge was the lack of visibility in the environment. The team was unable to identify their assets and lacked the necessary tools for visibility, discovery, and analysis to assess their security posture within the organization. This lack of visibility was identified as a key weakness in their cybersecurity strategy.

About Customer

The Royal Orthopaedic Hospital, located in Birmingham, England, has been a pioneer in orthopedic care since 1877. It is one of the largest specialist orthopedic centers in Europe, serving patients from the U.K., Europe, and around the world. The hospital operates on a single campus with two on-site data centers and 250 virtual servers. The hospital's IT department, consisting of 20 members, is responsible for managing cybersecurity, ensuring the protection of patient and healthcare records, and the IT infrastructure from potential cyber threats. The department operates around the clock, seven days a week, to maintain the critical networks.

Solution

To address these challenges, The Royal Orthopaedic Hospital implemented Rapid7's InsightVM, InsightIDR, and InsightConnect solutions. These products were chosen for their ease of deployment, automation capabilities, and cloud-based operation, which were ideal for the hospital's small security team. The solutions provided real-time visibility into the hospital's environment, allowing the team to scan all assets and identify discrepancies between expected and actual results. The hospital deployed Rapid7 Insight Agents on all end-user devices to maintain visibility even when devices left the hospital environment. InsightVM enabled the team to scan all subnets in their infrastructure, prioritize patching and remediation, and provide richer information regarding risk. InsightIDR was integrated with about 10 systems as event sources, providing log aggregation, user behavior analysis, and threat intelligence. The team also worked on automating their incident response using InsightConnect, Rapid7’s Security Orchestration Automation and Response (SOAR) solution.

Impact #1	The implementation of Rapid7's solutions has significantly improved the hospital's cybersecurity posture. The real-time visibility provided by these solutions has been critical in identifying and addressing potential threats. The hospital now has a comprehensive view of its environment, which is crucial for staying ahead of the threat landscape and being proactive in its cybersecurity efforts. The solutions have also helped the hospital meet various compliance and regulatory requirements, such as the UK’s DSPT, Cyber Essentials PLUS, and GDPR. The automation capabilities of the solutions have allowed the hospital to scale its operations and focus on critical security tasks. The hospital has achieved its major security goals, including visibility, staying on top of the threat landscape, and meeting operational security objectives.

Impact #1

The implementation of Rapid7's solutions has significantly improved the hospital's cybersecurity posture. The real-time visibility provided by these solutions has been critical in identifying and addressing potential threats. The hospital now has a comprehensive view of its environment, which is crucial for staying ahead of the threat landscape and being proactive in its cybersecurity efforts. The solutions have also helped the hospital meet various compliance and regulatory requirements, such as the UK’s DSPT, Cyber Essentials PLUS, and GDPR. The automation capabilities of the solutions have allowed the hospital to scale its operations and focus on critical security tasks. The hospital has achieved its major security goals, including visibility, staying on top of the threat landscape, and meeting operational security objectives.

Download PDF Version

Overview

Enhancing Cybersecurity in Healthcare: A Case Study of The Royal Orthopaedic Hospital and Rapid7 Partnership

Operational Impact