Robust multi-level user and data protection of Military Hospital Olomouc

Olomouc Military Hospital was founded in 1748 and is the oldest military hospital in the former Czechoslovak Republic.  It is a contributory organization of the Ministry of Defense of the Czech Republic with supra-regional competence, but it provides its services to patients under all health insurance companies regardless of the connection to the Army of the Czech Republic. To provide its services, it has appropriate medical technology and a working force of 500 highly knowledgeable medical personnel.  Apart from the ENT, surgery, and ICU departments, the hospital is located in the buildings of Klášterní Hradisko.

Before the implementation of this project, the IT infrastructure was built with regards to the required functionality of IT systems, but it did not consider sufficient attention in the field of cybersecurity.

Applications from the outside network were directly exposed to the Internet, lacking two-factor authentication of login accounts. In the IT environment, there were systems for which manufacturers no longer provided basic security updates. Antispam technologies were operated as an external service, and the absence of redundant firewall configuration potentially compromised key external services such as the e-prescription system. Each of the operated technologies stored operational and security logs in different ways and lacked a unified view of the current security situation. 

The original solution was insufficiently secure in view of the ever-evolving cyber threats. The customer perceived the increasing risk very intensely. The aim of the project was to build a modern, comprehensive solution where individual elements of protection automatically communicate with each other, cooperate and increase the effectiveness of security and the speed of response to detected threats.

It was necessary to provide comprehensive and interconnected technology for higher security of the customer's IT systems. This was achieved through the implementation of Fortinet Security Fabric, thereby building integrated protection of IT systems when communicating from the outside environment. In addition, a pair of firewalls in a redundant configuration was implemented to prevent downtime in the event of a failure of one of them.

Nowadays, email is a necessary and usual key tool for everyday communication and productivity in companies.  Unfortunately, it is also a popular attack vector that seeks to steal credentials, obtain sensitive data, or access operating systems.  As attackers increasingly use sophisticated multi-vector campaigns against their targets, email security solutions must provide multi-layered protection. For this reason, the firewalls are linked to the protection of email services, which are implemented through a virtual server and include antivirus and antispam services.   System FortiMail has supplemented the rented services of external entities and reduced the number of spam messages in users' mailboxes.

The project also replaced an outdated service for controlling web traffic between end stations and servers on the Internet, including the implementation of antivirus control for secure communication.
The check is performed by the FortiProxy solution.

Another part of the project was the replacement of antivirus protection of end stations using FortiClient technology. This exchange was carried out regarding the connection with the firewall's security policy, unified management, and the ability to send antivirus logs to one central location with other technologies.  
The most challenging part of this project was deploying the protection of applications and services that are accessible through an external network and that users can log in to from the Internet. Here, cooperation with suppliers of individual applications played a key role, thanks to which a robust solution was eventually built.   Every user who tries to access the application first uses FortiWEB, which is used for authentication through a username, password, and a second factor in cooperation with FortiAUTH, even if the application itself does not allow the use of the other factor. All data that flows between the user on the Internet and applications are controlled using FortiWEB technology.

The whole system is covered by a central repository and log analyzer – FortiAnalyzer. Here, the logs from all security technologies are collected, and in addition to passive storage, "Indicators of Compromise" are searched above the stored logs – characteristic situations that arise when an attacker enters.  FortiAnalyzer thus contributes to active security and can actively alert IT staff to the potential entry of an attacker.