Hospitals are therefore increasingly dependent on their digital infrastructure. At the same time, they face the same attack scenarios as all networked companies. Malware such as ransomware and other incidents such as phishing attacks repeatedly affect healthcare facilities and cause damage that is not only financial.
The gateway for malware and phishing is often Internet access at the workplace - despite common security measures such as virus scanners, firewalls or content filters. However, completely blocking Internet access is not an option in an organization as heterogeneous and information-dependent as a hospital. Instead, what is needed is a solution that allows users convenient access to resources on the network while effectively preventing the intrusion of malware.
secunet safe surfer acts as a web isolation solution and data gateway for secure Internet use. The decisive factor for use in the healthcare sector is user-friendliness. The safe surfer was developed so that it can be used like a conventional browser with all the convenience functions. As a result, user acceptance is good and IT departments are not burdened with time-consuming training measures.
This is also confirmed by the experience of Klinikum Fürth, which introduced the safe surfer throughout the hospital in 2020.
Expansion at the request of employees
The impetus for the introduction of safe surfer came from reports in the trade press about cyberattacks on large hospitals and a direct attack (Emotet) on the hospital in December 2019. In February 2020, the hospital contacted secunet, and an initial webinar was held for selected employees from the IT department. Shortly thereafter, the implementation project was started. This confirmed the hoped-for acceptance of the solution:
The uncomplicated use of safe surfer was so convincing even during the one-month test phase that we significantly increased the number of licenses in the rollout project at the request of our employees and now provide all areas of the company with secure Internet access.
High acceptance clinic-wide
Due to the pandemic, the rollout from spring to summer 2020 was somewhat slower than under normal conditions, but safe surfer has now been in productive operation since July. Flexible expansion will remain possible in the future, because safe surfer is scalable in ongoing operation, with a transparent licensing model. As a result, safe surfer is also being used in patient-facing areas and has not led to a noticeable increase in support requests to IT, reports Klinikum Fürth. "Using the browser works almost as usual. For example, I can copy links into the browser bar, make online data entries or securely download corresponding data. Especially in dynamic times, such as the current pandemic, fast, uncomplicated and secure data exchange with other clinics - for example, on online portals on free treatment capacities - is essential and essential for daily work",
says Dr. Manfred Wagner, Medical Director and Pandemic Officer at Klinikum Fürth. And safe surfer also conserves resources in the IT department in other ways: thanks to a management server, it can be administered centrally for all departments. Numerous standardized interfaces help with integration and automation.
Klinikum Fürth is confident that with safe surfer it has found the optimal solution for keeping unknown sources isolated. "The German Federal Office for Information Security (BSI) advocates securing access to the Internet via a Remote Controlled Browser System (ReCoBs). We were happy to follow this recommendation by deploying Secunet safe surfer in order to meet the requirements of the IT Security Act for a KRITIS hospital in this respect as well," says Herbert Motzel, head of the IT security systems department at Klinikum Fürth.
The solution: secunet safe surfer
The secunet safe surfer solution was developed on the basis of the BSI security architectures Remote-Controlled Browser System (ReCoBS) and Browser-in-the-Box. Here, each browser session takes place in a compartmentalized environment within a specially hardened Linux system, which in turn runs in a separate network segment. This remote browsing session is only remotely controlled by the workstation via video stream - only image and sound data are transmitted. This very basic separation even fends off hardware-related attacks - in addition to all the usual dangers such as infectious websites. Nevertheless, safe surfer allows the creation of personal favorites and the upload and download of files just like a native browser. With the additional function safe reader, infected e-mail attachments can also be effectively blocked. If the user opens a compromised attachment with safe reader, the malware cannot reload any malicious code because there is no direct connection to the Internet.