Great Western Hospitals NHS Foundation Trust

Vulnerability Shielding optimises cyber-health for Great Western Hospitals NHS Foundation Trust

Overview

Great Western Hospitals NHS Foundation Trust provides acute community health services across the Wiltshire region of South West England. Its Swindon-based Great Western Hospital features an emergency department and urgent care center, which services a combined 90,000 patients a year. Around 18,000 operations are performed annually in its 14 operating facilities.

IT Technical Operations Manager, Bev Sismey, handles operational security for the Trust’s massive system of networks, servers, and phone lines. The system serves around 6,000 users and includes over 300 mainly virtualized VMware servers running Windows.

Challenges

Healthcare organizations (HCOs) are a popular target for threat actors because of the large volumes of personal and health information they store. The life-saving services HCOs deliver also make them a target for ransomware, as cybercriminals look to monetize these organizations’ reluctance to put patient care at risk. The sector was the third most frequently targeted by ransomware in 2021 and also experienced the second-highest volume of phishing detections.

Although it wasn’t specifically targeted, the NHS became an early victim of ransomware when WannaCry struck in 2017. The malware campaign caused damages estimated in the tens of millions of pounds and triggered severe disruption to patient care services after unpatched Windows machines allowed it to spread.

"Trend Micro gives us an extra level of security without impacting the organization immediately."

Bev Sismey
IT Technical Operations Manager,
Great Western Hospitals NHS Foundation Trust

Why Trend Micro

In addition, NHS has rolled out rigorous internal policies to prevent a similar event in the future. “Trusts were left to their own devices before, but that’s not the case anymore,” explains Sismey. “Because each Trust effectively has a private connection into the national health and social care network, they have to prove that they’re mitigating against vulnerabilities and patching each month across the entire estate.”

The number of new threats, paired with the persistent challenge of managing patching across legacy servers, led the NHS IT team to introduce vulnerability shielding capabilities into their security stack. While the organization was partnered with Trend Micro for a web filtering solution, Sismey reached out for a proof of concept (PoC).

“We didn’t feel like our incumbent product was doing what it said on the tin,” says Sismey. “It was the vulnerability shielding that sold it to me. I thought ‘if we can make the organization understand the benefits Trend Micro can give us, it will sell itself.’”

Solution

After a successful PoC, Sismey and the Trust decided to invest in Trend Micro Deep Security Software to protect servers and Trend Micro Apex One for endpoint protection.

Delivering runtime security for physical, virtual, cloud, and container workloads—all from a single agent—Deep Security provided NHS with:

  • Automated, host-based security for seamless auto-scaling
  • Global threat intelligence from the Trend Micro™ Smart Protection Network™
  • Proactive defense against known and unknown threats with vulnerability shielding
  • Integrated API-based security for CI/CD pipelines
  • A comprehensive range of threat protection capabilities, including intrusion prevention (IPS), integrity monitoring, machine learning, and application control

In addition, Trend Micro Apex One provides Sismey’s team with layered endpoint security that includes vulnerability shielding, application control, and integrated detection and response.

Results

Over the past three years, Trend Micro has helped the Trust build a positive reputation for best-practice security, thanks to its vulnerability shielding capabilities.

“If you have a critical vulnerability Trend Micro is always ahead of the game,” says Sismey. “It’s enabled us to present upwards and outwards to NHS Digital that we’ve already mitigated risk even before Microsoft has given us a patch to deal with it.”

In addition to mitigating risk on legacy servers, Deep Security has proven effective at protecting clients against current threats like the Apache Log4j vulnerability.

“Sometimes we just cannot upgrade a server because of the historic data on it, which can’t be exported to a replacement solution,” explains Sismey. “Trend Micro allows us to put a security wrapper around those devices. We have regular audits and these older systems, protected by Trend Micro, are never on the list requiring further action or intervention. No one can get through that wrapper. Trend Micro has proven its worth time and time again.”

Deep Security also gives Sismey the peace of mind needed to focus on planning upgrades according to her own timetable.

“When you get a zero-day threat, you always need to reboot servers once a Microsoft patch comes out. But Trend Micro gives us an extra level of security without impacting the organization immediately,” concludes Sismey. “We can plan with the organization when to have the interruption. It feels like we’re a lot more in control.”

"If you have a critical vulnerability Trend Micro is always ahead of the game. We’ve already mitigated risk even before Microsoft has given us a patch to deal with it."

Bev Sismey
IT Technical Operations Manager,
Great Western Hospitals NHS Foundation Trust

What's Next

As for the future, Bev Sismey believes the Trust is in “pretty good shape” from a cyber risk perspective. That’s good news for her and the many thousands of local residents who rely on it for essential care.