Landspitali University Hospital Secures Medical Research and Data Protected by GDPR and Icelandic Privacy Law
Netwrix Auditor provides invaluable insights into our IT environment. It helps us be proactive towards the security of research data and highly sensitive personal information. With the software, we make sure that we adhere to the least-privilege model and can pinpoint potential violations before anything bad happens.
Auður Ester Guðlaugsdóttir, System Administrator, Landspitali University Hospital
- Improve the security of patients’ and employees’ PII and PHI to comply with the GDPR and the Icelandic Data Protection Act, which includes ensuring that only authorized staff can access this data.
- Secure other sensitive information, such as contracts, medical devices and research documents, which is crucial for retaining the hospital’s research licenses and ensuring uninterrupted patient care.
A person who worked in the IT department before was hired again but for another position. His old account was re-enabled with all same privileges he had before. That was a serious privilege escalation, but thanks to Netwrix Auditor, we managed to catch and fix this right away.
Auður Ester Guðlaugsdóttir, System Administrator,
Landspitali University Hospital
Auður Ester Guðlaugsdóttir, system administrator at Landspitali, explained her choice of Netwrix Auditor: “It is very smooth and provided all audit data we needed. And everything was working right away.”
- Ensured security of sensitive files. Now the IT department can carefully audit activity that might involve sensitive data, including the personal data of patients or employees, to ensure compliance with the regulations above. They review daily activity across the IT infrastructure and also receive alerts about actions that could put data at risk, such as multiple failed access attempts or someone logging in using a disabled account. Thus, they can spot anomalies in time to protect data from being compromised.
- Streamlined privilege attestations. To ensure that only authorized staff can access sensitive data, the hospital’s management requires the IT team to regularly provide reports on access rights so anyinappropriate permissions can be identified and revoked. Netwrix Auditor streamlines this process, enabling Auður’s team provide accurate reports in less than an hour, whilst before it took 60 hours.
- Enhanced control over Active Directory. Netwrix Auditor provides profound visibility into what happens across Active Directory, which is at the very heart of the hospital’s IT infrastructure. The IT department is notified about changes to the membership of critical groups like Domain Admins, critical computer accounts, OUs, etc., so they can take action quickly to prevent security breaches or system disruptions.
- Ensured the security of sensitive information
- Enabled strong data access governance
- Improved control over critical changes in Active Directory
Landspitali, the National University Hospital of Iceland, is the country’s leading hospital and largest workplace in healthcare, with around 6,000 employees. Landspitali serves three main roles: service to patients, teaching and training of clinical staff, and scientific research. The hospital offers diverse clinical services in outpatient clinics, day patient units, inpatient wards, critical care units, clinical laboratories and other divisions.
Customer: Landspitali University Hospital