克拉特布里奇癌症中心 信任s Rapid7’s SIEM to Keep Patient Records Secure

挑战

The Center’s three-person security team is responsible for protecting confidential medical records, a task compounded by the fact that patient records are shared with other hospitals. “We're one of about 35 trusts which are linked together through our patients 和 patient records. Thous和s of people who work in healthcare, education, government, 和 councils connect to our site.”

The most pressing challenges are phishing 和 user errors. “我们可以尽可能地安全, 但归根结底还是要靠我们的员工,理查德·皮尔金顿解释道, IT安全经理.

解决方案

To secure their data, Pilkington looked to a SIEM solution 和 chose Rapid7 InsightIDR, a cloud-native SIEM which enables his team to detect 和 respond to security incidents faster.

48小时内从开箱即用到可操作的数据

皮尔金顿和安迪·基尔班, 数码系统保安专员, began the search for a SIEM by identifying which parts of their infrastructure they needed to secure. 中心有一个多租户的环境, 约2,500年端点, 包括医疗设备, 300台服务器和1650个用户. Clatterbridge has a SDA (software defined architecture) Cisco network. 

“我们把它分成了几个类别, 包括端点管理, 服务器管理, 医疗设备, 记录管理, access 和 authentication 和 privileged access management,皮尔金顿说. “We need to monitor all those things 和 that's where InsightIDR came in. 基本上, everything feeds into InsightIDR 和 gives us a one stop shop where we get alerted to anything that happens.”

Kilbane补充道:“我们研究了很多SIEM解决方案. But when we saw InsightIDR, it seemed easy 和 powerful behind the scenes. 我们是对的. It took less than 48 hours for us to go from out of the box to up 和 running with quite a few of our critical systems logged in. The documentation available with InsightIDR was brilliant.” 

警报提供无与伦比的可视性

对于安全团队, the most important feature of InsightIDR is the alerts because they provide visibility into things they wouldn't have seen before, 特别是在活动目录下. “InsightIDR does a really good job of weeding out what is an actual alert,” notes Kilbane. “When we do get an alert, we’re able to react to it quickly. Before InsightIDR, it was a much more involved 和 inefficient process. Now, with InsightIDR we can see everything under one umbrella.”

Pilkington recounts one instance where one of their service desk team members had been reactivating accounts on his own. "使用来自活动目录警报的信息, 我发现了这个问题，并联系了他的经理. Turns out he wasn’t following protocol for reactivating accounts, but we were able to fix it. 这对我们来说是一个巨大的成功.” 

InsightIDR Data Meets the Needs of a Diversity of Stakeholders

The reports InsightIDR generates for the Clatterbridge team provide a complete picture of breaches 和 security incidents over a 30-day period. The data is summarized into monthly reports presented to the organization’s Digital Security Committee which is made up of members representing various departments within the hospital organization. The net effect is that the organization can track breaches accurately 和 show improved performance thanks to InsightIDR.

All NHS 信任s must have a DSPT (Data Security 和 Protection Toolkit) audit. “We received the highest rating assurance we could from the auditors 和 that's because of InsightIDR,皮尔金顿说. “我负责所有的报告, 图表, 演讲, 还有仪表板, so the data InsightIDR gives me for my side of the job is fantastic. And InsightIDR has been a godsend in terms of giving us a lot of data with regards to ISO 27001,皮尔金顿说. “这有助于我们获得27001认证.”

确保患者数据安全是对患者的护理

“Keeping patients’ data safe is patient care in its own way,皮尔金顿说 “You don't want to be on a medical device that's suddenly attacked by a virus or stops working. 我们不在那个位置, but hospital budgets are being reduced year on year every year 和 it can be hard to justify investing in cybersecurity vs medical personnel. 但是如果你被攻击了, you see the fallout from it 和 the money it costs to recover if you ever do recover.”

“The bottom line is that InsightIDR gives us broad assurance that we’re in a safe place,皮尔金顿说. “So, we can go to our board 和 say, “Look, this is where we're at. 这就是我们正在做的. 这是上个月我们被入侵的次数. And that gives the board 和 all our stakeholders assurance that we’re in a safe environment with regards to cybersecurity. 这让生活轻松了很多.”