Hospitals are therefore increasingly dependent on their digital infrastructure. At the same time, they face the same attack scenarios as all networked companies. Malware such as ransomware and other incidents such as phishing attacks repeatedly affect healthcare facilities and cause damage that is not only financial.
The gateway for malware and phishing is often Internet access at the workplace - despite common security measures such as virus scanners, firewalls or content filters. However, completely blocking Internet access is not an option in an organization as heterogeneous and information-dependent as a hospital. Instead, what is needed is a solution that allows users convenient access to resources on the network while effectively preventing the intrusion of malware.
secunet safe surfer acts as a web isolation solution and data gateway for secure Internet use. The decisive factor for use in the healthcare sector is user-friendliness. The safe surfer was developed so that it can be used like a conventional browser with all the convenience functions. As a result, user acceptance is good and IT departments are not burdened with time-consuming training measures.
This is also confirmed by the experience of Klinikum Fürth, which introduced the safe surfer throughout the hospital in 2020.
Expansion at the request of employees
The impetus for the introduction of safe surfer came from reports in the trade press about cyberattacks on large hospitals and a direct attack (Emotet) on the hospital in December 2019. In February 2020, the hospital contacted secunet, and an initial webinar was held for selected employees from the IT department. Shortly thereafter, the implementation project was started. This confirmed the hoped-for acceptance of the solution:
The uncomplicated use of safe surfer was so convincing even during the one-month test phase that we significantly increased the number of licenses in the rollout project at the request of our employees and now provide all areas of the company with secure Internet access.
The solution: secunet safe surfer
The secunet safe surfer solution was developed on the basis of the BSI security architectures Remote-Controlled Browser System (ReCoBS) and Browser-in-the-Box. Here, each browser session takes place in a compartmentalized environment within a specially hardened Linux system, which in turn runs in a separate network segment. This remote browsing session is only remotely controlled by the workstation via video stream - only image and sound data are transmitted. This very basic separation even fends off hardware-related attacks - in addition to all the usual dangers such as infectious websites. Nevertheless, safe surfer allows the creation of personal favorites and the upload and download of files just like a native browser. With the additional function safe reader, infected e-mail attachments can also be effectively blocked. If the user opens a compromised attachment with safe reader, the malware cannot reload any malicious code because there is no direct connection to the Internet.