Increasing cyber security at the Hradec Králové University Hospital

Strengthening awareness, recording and management of risks and compliance with the requirements of cyber security legislation. Real-time processing and visualization of security events, audit log storage with long retention.

Realization 2019

Customer profile

Hradec Králové University Hospital is the largest hospital in the Hradec Králové Region and one of the largest hospitals in the Czech Republic; its founder is the Ministry of Health. As a teaching hospital, it participates in teaching students of the Faculty of Medicine of Charles University in Hradec Králové. The hospital has 4,500 employees and almost 1,400 beds, and cares for approximately 40,000 patients every year. Thanks to a number of highly specialised departments, it provides health care not only for the inhabitants of Hradec Králové and the region, but in some cases also for other regions of the country.

Our University Hospital operates many infrastructure systems and a number of applications storing sensitive data. For a long time, we lacked a tool that would act as a central repository for audit trails of traffic and at the same time evaluate cyber security events and incidents in real time. The problem is not the level of security of the audit data itself, but the ability to evaluate it in the context of current cyber threats. With the help of the Integrated Regional Operational Programme call, we were able to afford to acquire one of the most effective SIEM tools on the commercial market.

Ing. Miroslav Procházka

Head of the IT department

Baseline and project objectives

The Hradec Králové University Hospital is investing considerable resources in its computing infrastructure, including in the area of increasing security against cyber threats. However, until now it has lacked a central integrating element for all technologies focused on security.

A SIEM solution will enable a significant increase in cyber security through early detection of malicious behaviour in systems or on the computer network. A SIEM evaluates data from the entire ICT infrastructure in real time and detects security threats early. It enables proactive testing of vulnerabilities in the infrastructure, builds a reputation database and provides an audit repository function for logs and network flows.

Hradec Králové University Hospital did not have any similar system in the past. Tools of individual system manufacturers were used to a limited extent. The aim was therefore to focus on this area and deploy a tool that could be used to manage security issues from one place. The decision-making process was also accelerated by the possibility to use co-financing from EU subsidies under the call for proposals of the Integrated Regional Operational Programme (Call 10).

There was interest in deploying the solution in a high availability scheme, with throughput in the order of several thousand records per second, an active vulnerability scanner and an audit repository with retention of up to 18 months for selected systems.

Benefits

  • Significant and sustained strengthening in the area of security risk awareness, recording and management
  • Real-time processing and visualisation of security events
  • Building a long retention audit log repository
  • Setting up proper security logging for key healthcare applications
  • Deployment of a vulnerability scanner integrated into the SIEM solution
  • Meeting cybersecurity legislation requirements for essential service providers
  • Training staff to identify and manage cyber risks
  • Ongoing security support throughout the sustainability of the project

Solution

AUTOCONT a.s. delivered a SIEM security solution based on the IBM QRadar product, including its subsequent support. The SIEM system was delivered as a pair of devices connected in a high availability scheme with synchronized storage. The SIEM has a throughput of several thousand audit log records per second (events per second, EPS), a license for Network Flow processing and a license for a vulnerability scanner. 500 event sources are connected to the QRadar SIEM. The system reliably processes more than 200 million events per day.

Authorised and trained staff now have an immediate overview of the security situation in the hospital's cyberspace and, thanks to integration with IBM's reputation database (X-Force), of external threats. QRadar recognizes these devices precisely by linking them to the external reputation database. The project included the supply of technology components, analysis, deployment design, installation, implementation, parameterization, performance and function tests in the form of cyber attack simulations, training, documentation and subsequent service and methodological support.

In addition to the QRadar SIEM and Vulnerability Manager, further functionality can be obtained at an additional cost in the form of the QRadar Risk Manager, Network traffic capture or Incident Forensics modules. These modules provide functions focused on advanced attack vector tracking or modeling analysis, in the style of "what-if" analyses when planning changes to the network infrastructure or its configuration.

Used technologies

  • IBM QRadar SIEM