I recently sat down with Daniel Maier-Johnson, the Chief Information Security Officer (CISO), and Markus Diehm, Cybersecurity Analyst, with Asklepios Kliniken GmbH, Germany’s second-largest private healthcare provider, to hear about their experience using CyCognito to gain continuous monitoring, prioritize cyber risks, and safeguard patient information.
Vital to any healthcare organization is keeping patient data safe while complying with an ever-growing number of government regulations. The constant threat of cyber-attacks targeting sensitive patient data, coupled with the necessity to operate around the clock, demanded a robust, efficient exposure management strategy.
Asklepios manages a sprawling healthcare network that includes 170 medical facilities, including 70 hospitals, and 50,000 employees who provide medicine, patient care, rehabilitation, emergency, and ambulatory care. Three of its hospitals are designated as critical care facilities, also known as KRITIS, and are subject to legal requirements such as the Act on the Federal Office for Information Security (BSI Act—BSIG).
“One of our larger challenges involves being very careful and protecting our sensitive patient data,” Maier-Johnson says. “The second challenge we have is we run operations 24 hours a day, seven days a week, from the hospital side. Emergency rooms are never closed; they are always open, and our technology systems must always be available.”
Asklepios Exposure Management Strategy with CyCognito
Maier-Johnson points out that Asklepios takes a centralized IT approach, supported by a team of 330 IT professionals divided into four sub-departments that manage a complex environment, encompassing approximately 5,000 servers, 25,000 endpoints, and around 8,000 network devices.
“Within Asklepios, we have a very centralized approach. Everything we do, we try to do from shared services.”
Despite this structured approach, Asklepios faced significant challenges: it lacked management of external assets and vulnerabilities, especially at third-party firms and smaller facilities without dedicated IT staff.
Prior to CyCognito, Asklepios relied on manual penetration testing, a time-consuming and resource-intensive approach. This left them with limited visibility and made identifying and prioritizing vulnerabilities difficult.
Diehm previously held a firm, static picture of the company’s 500 IP addresses, certificates, and some 1,000 outside assets. The turning point for Asklepios came with the implementation of CyCognito.
“When we implemented CyCognito, I was surprised at how our infrastructure looked because you don’t get this overview from anything else,” he says. “With one click with CyCognito, it was easy to understand the security maturity of our public-facing IT landscape.”
Automating Risk Management
Maier-Johnson shares that CyCognito’s automatic detection capabilities and continuous monitoring of external assets replaced manual, time-consuming penetration testing. “We’re using CyCognito to automate as much as possible.”
The automation built into the platform not only saves time but also enhances the organization’s ability to manage risk more efficiently and effectively. This efficiency gain has allowed for more focused efforts on enhancing defenses and closing vulnerability gaps.
Diehm emphasizes the improvement in efficiency, stating, “Before, it took hours to check on our assets and multiple penetration tests to find vulnerabilities. Now, CyCognito gives me that information in one click.”
Figure 1: Business Impact for tested assets and top 10 detected attack vectors
Building Stronger External Defenses and Gaining a Hacker’s Perspective
Maier-Johnson points out that one of the biggest benefits Asklepios has gained from CyCognito is the visibility that the platform provides into its external attack surface. “We use it to see how we can build our wall higher and higher so nobody climbs the wall, and there are no holes or cracks that somebody can sneak through.”
CyCognito has been a game-changer for Asklepios, providing invaluable insight into potential hackers’ perspectives. The platform has significantly enhanced Asklepios’s ability to understand and address vulnerabilities from an external standpoint.
“CyCognito is one of the first most important tools to understand what a hacker can see; it saves a lot of time and helps us to capture all the assets and all the vulnerabilities.”
Figure 2: Impact Analysis Summary
Streamlining Vulnerability Management and Remediation
With such a large organization, and one that’s constantly changing, Maier-Johnson understands his team may never fix everything. “But we need to start with the most critical and the most important,” he says.
By facilitating a risk-based approach to IT security, CyCognito has improved Asklepios’ cybersecurity posture by providing transparency and efficiency in identifying and prioritizing vulnerabilities to remediate first.
“We can say, not only have we found something, but we can say this is how you can fix it,” notes Maier-Johnson. The cybersecurity team then uses CyCognito to see if a particular asset vulnerability has been fixed or not, at which time they can follow up.
While Diehm’s team monitors and detects potential security vulnerabilities, the organization’s other IT departments are responsible for fixing what his team finds. His team also provides information, supplied by CyCognito, on how to remediate.
“I get an update weekly and quickly get an overview of new assets that have been added or possible vulnerabilities, and then our remediation process is triggered. Before, it took hours to check on our assets and many penetration tests to identify a vulnerability.”
Stakeholder Reporting on Asklepios Security Posture Improvements
Maier-Johnson notes that CyCognito’s reporting capabilities have proven invaluable in communicating security status and improvements to Asklepios’ Board of Directors. The easy-to-use platform creates reports that he takes to the Board.
“We can show the board ‘here’s what we’ve seen in the last quarter and the changes from the quarter before and so on.’ We can also show them trends about how we are fixing our external surface.”
Diehm adds, “The entry-level screens are very easy to use, so executives can get a higher-level picture, and then the technical team can take a deep dive to get into the technical information you need. Our infrastructure has grown over the years. CyCognito is helping us get a clue to what’s going on outside our internal environment.”
Looking Ahead
Asklepios faces the upcoming revised European Union (EU) NIS 2 cybersecurity directive, which outlines increased measures for resilience against cyberattacks, minimizing vulnerabilities, and improving cyber defense. NIS 2 will be in effect in October 2024. CyCognito’s continuous monitoring and prioritization of cyber risks will help the organization stay compliant with the BSI Act and NIS 2 regulations.
“Whatever you do, you need some kind of transparency, some kind of information, what your outside-facing landscape looks like for hackers. I would recommend CyCognito because it’s easy to use.”
As the healthcare landscape evolves, so will Asklepios’ security strategy. CyCognito will continue to play a vital role in protecting patient data, ensuring regulatory compliance, and enabling Asklepios to navigate the ever-changing threat landscape confidently.