Learn how a leading U.S.-based healthcare system enhanced its ransomware resilience by validating security controls, ensuring vendor accountability, and strengthening defenses to protect critical patient data and care continuity.
- Healthcare Chief Information Security Officer (CISO)
This leading Florida healthcare system serves over 1 million patients annually through a vast network of facilities, including one of the nation’s largest children’s hospitals.
Knowing ransomware is a major risk for hospitals, their security team faced a critical challenge: How can we confidently prove our defenses are prepared to withstand a ransomware attack?
The healthcare system needed quantitative proof that its defenses in depth remained robust and effective against the rapidly evolving threats targeting the healthcare industry. With limited confidence in its security controls and its detection and response capabilities, and no operational assurance to verify that defenses weren’t being compromised, the healthcare system found it challenging to demonstrate continuous risk reduction and the value of its security investments.
The healthcare system engaged OnDefend’s managed Ransomware Defense Validation solution to consistently test and validate the following defenses in depth:
- Secure Email Gateway Validation: We ensure the effectiveness of the email filter in blocking malicious emails before they reach employee inboxes, as well as the effectiveness of the anti-spoofing configurations.
- Threat Detection Validation: We measure the accuracy and Mean Time to Detect (MTTD) of threat detection tools, assessing the reliability of alerting mechanisms and validating efficacy.
- Threat Response Validation: We analyze the performance of internal and third-party monitoring teams, focusing on the Mean Time to Respond (MTTR) and effectiveness in containing and mitigating cyber incidents.
Ransomware defense validation is provided to this healthcare system on a quarterly basis. For the initial assessment in Q1, the healthcare system’s secure email gateway, threat detection tools, and threat response teams were tested and validated, revealing areas for improvement across all controls. Following the initial assessment, the healthcare system received a comprehensive report with actionable remediation recommendations, a full narrative of the engagement, and an executive summary for the security team and executive leadership. Remediation, including tool tuning and vendor optimization, was completed before the Q2 exercise. The second quarter attack simulations highlighted significant improvements following the initial assessment.
After remediating the Secure Email Gateway, the healthcare system improved their ability to detect and block emails containing malicious payloads and reduced spoofing incidents.
Following the initial assessment, the EDR and NDR were optimized and integrated into the SIEM, resulting in a significant improvement in Threat Detection Tool performance.
Following the initial assessment, the security team worked alongside their third-party NDR and NDR providers to improve their Threat Response handling by implementing more robust protocols, ensuring quicker and more effective incident resolution. However, due to evidence indicating that the regional MDR provider was still unable to meet their SLA, the team decided to replace this provider.
RDV consistently provides clients with proof that their security controls are optimized and not adversely impacted by their team, third-party monitoring providers, or the security tool providers.
While eliminating all risk is impossible, RDV empowers security teams with proactive measures that significantly reduce threats, ensuring their defenses remain resilient even in the most critical situations.
Organizations achieve ongoing assurance that security vendors meet their SLA requirements and consistently deliver the expected level of protection required by the organization to justify investment.
This case study is based on insights from our comprehensive whitepaper, which includes detailed findings from the Ransomware Defense Validation assessment that gave this healthcare system confidence in its cybersecurity posture.