Protecting the IT backbone of one of Germany’s largest healthcare providers

One of Germany’s leading healthcare providers, Asklepios, have standardised on the Palo Alto Networks portfolio of cybersecurity technologies to protect patient care, defend data from compromise, and rationalise the scope of compliance. Connected network security and security operation management are supporting Asklepios in its drive to become the country’s most digital healthcare organisation by 2025.

Legacy technology can rarely keep up with the rate of change in modern healthcare. In Asklepios’ case, outmoded network security struggled to keep pace with relentless, sophisticated threats. Integration with state-of-the-art, complex digital healthcare systems was becoming increasingly difficult. And an increasing amount of time was spent on monitoring routine, repetitive alerts. Asklepios’ cybersecurity landscape needed surgery.

Asklepios Kliniken GmbH take their name from Asclepius, the god of medicine in Greek mythology. One of Germany’s largest private clinical healthcare operators, the organisation operates approximately 170 healthcare facilities in 14 of Germany’s federal states, providing a broad range of healthcare services to more than three million patients per year.

Asklepios’ mission is to become the most digital healthcare organisation in Germany by 2025. To achieve that, they needed to overcome multiple cybersecurity challenges:

• Replacing legacy security: Asklepios were relying on an outmoded network security platform that lacked the security visibility and flexibility to keep pace with digital change and protect other legacy systems. For example, integration with modern medical systems – such as imaging diagnostics – was slow and difficult.
• Dealing with complexity: A diverse, fragmented technology infrastructure and technology heterogeneity opened the door to multiple paths of attack and was expensive to maintain.
• Doing more with less: Asklepios’ primary purpose is patient care, not cybersecurity. With 300 IT professionals supporting a total workforce of approximately 68,000 employees, there was a pressing need to automate everyday cybersecurity processes, liberating scarce IT resources to focus on strategic work.
• Achieving compliance: Asklepios needed to adhere to German government and European frameworks for data protection, privacy, and security

Asklepios identified several requirements for their secure, patient-centric future. They would need to:

• Create a reliable and secure IT backbone for their digital strategy.
• Prepare for connected, scalable, and flexible applications, beyond their own ecosystem.
• Provide near-real-time insight into network traffic to identify attacks as they happen.
• Adopt Zero Trust network wide, with user- and application-based traffic control.
• Automate prevention for real-time protection and increased productivity.
• Coordinate action at all enforcement points through shared threat intelligence.

Asklepios chose Palo Alto Networks as their cybersecurity partner of choice. “An initial network security firewall deployment at our Hamburg data centre convinced us that Palo Alto Networks have the cybersecurity vision, product maturity, and healthcare-specific expertise to lead Asklepios’ cybersecurity into the future. Their breakthrough innovations in analytics, automation, and orchestration distinguish Palo Alto Networks from other vendors,” says Daniel Maier-Johnson, Chief Information Security Officer (CISO) at Asklepios.

Building on the successful Hamburg implementation, Asklepios have standardised on a single, connected Palo Alto Networks portfolio to create an adaptive and agile cybersecurity infrastructure. “This strategy moves Asklepios far beyond simple security compliance. We now have an advanced security platform geared to improving patient outcomes, expanding quality and continuity of care, and reducing operational risk,” Daniel says.

Almost 100 Palo Alto Networks ML-Powered NGFWs are deployed at central locations and all regional clinics across Germany. Together, they provide Daniel and his team with unrivalled visibility and insight into Asklepios’ security posture.

The implementation of the cybersecurity strategy is complemented by the Cortex XSOAR orchestration platform. It is a fully integrated component of this dynamic infrastructure. The security analysts in the Cybersecurity department use the security orchestration platform to monitor and automate recurring security routines across the environment.

This agile, unified security portfolio is reimagining Asklepios’ approach to cybersecurity by:

• Delivering robust healthcare cybersecurity: Zero Trust network security is driven by user- and applicationbased traffic control. The portfolio also reduces the risks associated with legacy devices. “We have far greater transparency into risk,” says Daniel. “We have a full picture of the IT landscape, allowing us to support statements with facts. This is helping my security team to become a valuable, trusted partner to the business.”
• Optimising network visibility: Asklepios have near-real-time insight into network traffic to identify attacks as they happen.
• Increasing productivity: Intelligent automation helps the team reduce time spent on labour-intensive manual tasks and coordinates action at all enforcement points through threat intelligence sharing. Using XSOAR orchestration, for example, Daniel estimates the Cybersecurity department examines four times as many cases as it can with manual oversight.
• Improving efficiency: Cloud-delivered security automates threat analysis and updates deployments to help ensure consistent patient data protection.
• Supporting compliance strategy: The advanced cybersecurity portfolio unites people, processes, and technology in support of regulatory compliance.