Global Network of Accounting & Consultant Firms | Nexia | German healthcare leader scales its IT security team with UnderDefense MDR - Global Network of Accounting & Consultant Firms

UnderDefense worked with Germany’s biggest and oldest healthcare organisation, with more than 100 different centres, institutes, and departments.

They offer a wide range of healthcare services with state-of-the-art equipment and highly qualified personnel. The institution is regularly listed among the best hospitals locally and globally.

The client challenge

Cyberattacks on healthcare organisations are increasing at an alarming rate. Hospitals and other health institutions globally experienced on average more than 1,400 cyberattacks peer week in 2022. The statistics demonstrated a 74% growth compared with 2021, according to Check Point Research. But most importantly, cyberattacks led to not only financial or reputational losses but patient deaths (attacks on University Hospital Düsseldorf in Germany and Springhill Medical Centre in Alabama, U.S).

The specific challenges included:

Limited visibility on 25,000 endpoints and weak cybersecurity posture.
Prevalent alert fatigue demoralising the entire security system and burning out expensive internal IT security employees.
Heavy reliance on out-of-the-box configurations of security tools.
The IT security team working 8-5 overwhelmed by alerts, viruses, malware, and ransomware attacks. Employees requested many changes, permissions, and whitelisting.
Increasing cyberattacks targeted at healthcare institutions.

The solution

UnderDefense, utilising its experienced team and established MDR service, promptly collaborated with the client, averting 15 severe incidents in their infrastructure. They fine-tuned EnSilo (now Fortinet), fortifying Windows and MacOS systems across the hospital for comprehensive endpoint protection and tackling alert fatigue. This included automated incident detection and response against modern cyber threats. They also monitored and combated malware on over 20,000 endpoints.

In the initial year of partnership, UnderDefense analysed extensive data logs and processes, addressing over 55,000 potential threats, eliminating false positives, providing feedback on allowed events, and notifying the client about 73 confirmed attacks. They effectively managed and remediated 27 advanced persistent threat (APT) attacks and responded to three threats using their incident response plan. The collaboration involved extensive communication, including active sessions, calls with the client’s IT specialists, and direct calls to the SOC hotline. Their efforts contributed to a 10-point increase in the client’s CIS maturity level.

Value

The collaboration with UnderDefense enabled the client to reallocate their costly in-house security team, redirecting their efforts towards critical cybersecurity initiatives specific to their industry and operations. This shift eliminated the need for internal engineers to dedicate time to continuous frontline alert monitoring. Furthermore, they no longer contend with an overwhelming influx of contextless alerts. Instead, UnderDefense delivered comprehensive reports complete with actionable instructions. This support empowered the IT Director to effectively tackle security vulnerabilities and areas of oversight within the expansive hospital infrastructure.