Customer Story
Imperial College NHS Trust
Imperial College Healthcare NHS Trust, one of the largest NHS trusts in England, partners with BlueFort to create a continuous protective approach to cyber threat discovery, assessment and patch remediation.
Imperial College Healthcare Trust was established over one hundred years ago, and provides healthcare services to more than 1.5 million people across its five London hospitals. Notable achievements include the discovery of penicillin in 1928 by Alexander Fleming in his laboratory at St Mary’s, Hammersmith Hospital was the first hospital in Europe to use filmless x-rays in 1994, and Prince George, Princess Charlotte and Prince Louis of Cambridge were born in the Lindo Wing at St Mary’s Hospital.
Key challenges
- No way to prioritise vulnerability remediation due to lack of patching strategy and multiple cybersecurity tools generating huge volumes of reports
- Manual patching processes using significant team time and resources
Overview of the situation
WannaCry was a global ransomware attack that occurred in May 2017, locking users out of infected computers and holding their data for ransom. The NHS was among those hit by the attack, with more than 600 NHS organisations affected, including 34 hospitals directly.
In the aftermath of WannaCry, Imperial College NHS Trust found itself struggling to stay on top of both the discovery and remediation elements of its cybersecurity program. Within the NHS, there is a particular emphasis placed by NHS Digital on the importance of patching to improve each NHS organisation’s security posture.
The lack of strategy around its patching approach meant that multiple cybersecurity tools were in use, but the volume of reports being generated made it impossible for the trust’s IT security teams to know what to prioritise. Rather than focusing on proactive threat hunting and response, the team was spending up to three days a week on manual patching.
“BlueFort provided professional services to help throughout the project. We can’t have SMEs for everything and with the speed that the security landscape changes it’s better for us to lean on the experts.
We are working with security infrastructure so we cannot afford to take any risks. We like the assurance that we have BlueFort experts doing all the heavy lifting.”
Adrian Lau, Infrastructure Manager, Imperial College Healthcare NHS Trust
A continuous protective approach to cyber threat discovery, assessment and patch remediation through automation
BlueFort knew that automation was key. Spending days on manual patching was not an option. Drawing on BlueFort’s tried and tested methodology of discovery, validation, and control, its consultants mapped out how the trust’s existing legacy processes could be automated to create a continuous protective approach to cyber threat discovery, assessment, and patch remediation.
BlueFort recommended automated patching remediation tools because of their ease of use and rich security posture improvement capabilities. The solution’s underlying scanning engine performs security patch and hotfix assessments with detailed granularity. It captures missing patches, including logging the appropriate security bulletin name, detailing the files in each hotfix, and applying the latest patches.
A comprehensive view of the IT estate
Although Imperial College originally viewed the automated patching exercise as a one-off, point-in-time exercise to free up resources and boost its cybersecurity posture, its security team realised there were longer-term benefits to viewing its entire IT estate through the lens of BlueFort’s methodology of discovery, validation, and control. This methodology is closely aligned with Gartner’s Continuous Threat Exposure Management (CTEM) program which recommends organisations establish regular repeatable cycles as part of a continuous threat exposure management programme.
Moving to a continuous discovery, validation and remediation cycle
The goal of BlueFort’s methodology is to help security teams have a consistent, actionable security posture remediation and improvement plan, that is continually updated and easy to understand and act upon. Simply put, you cannot secure what you don’t know about. What started as an automated patching exercise, now utilises an agentless approach to deliver a continuous cycle that maps Imperial’s wider IT estate, delivering accelerated threat visibility and remediation.