University of Kansas Hospital: A Cisco Umbrella Case Study

The challenge: gaining transparency to secure sensitive data

Ranked among the nation’s best hospitals every year since 2007 by U.S. News & World Report, The University of Kansas Hospital is the region’s premier academic medical center. Physicians teach as faculty members at the KU School of Medicine and are at the forefront of medical discoveries taking place at the KU Medical Center, a research leader in cancer treatment and prevention, neurology and liver and kidney transplantation.

Like every hospital, University of Kansas Hospital prioritizes its IT security as to avoid threats such as malware from affecting or theft of its patient’s sensitive data.  This means that they have to safeguard every medical device that is connected to their network, any compromise to this could cause a life-or-death situation.  Besides this, as an academic hospital as well, they also deal with a lot of sensitive research data and intellectual property.

When the time ransomware was beginning to impact hospitals around the world, University of Kansas Hospital started to look for security solutions that would help deliver their commitment for the best possible healthcare experience.  This led them to realize that visibility was a major challenge and attacks were starting from DNS.

The solution: security that starts at the DNS layer

To start improving the existing security design, University of Kansas Hospital started to initially implement different solutions to help produce very basic information about the infected machines, however they lacked full visibility into the source of the infection.  Meaning that they could see the malicious sites being accessed but only trace the infection only till the proxy server, IP address, or their DNS server.

 “First we just pointed our external DNS requests to Cisco Umbrella’s global network, which netted enough information to prompt an instant ‘Wow, we have to have this!’ response,” Duong says. “When our Umbrella trial began, we saw an immediate return, which I was able to document using Umbrella reporting and share with executive stakeholders. Those numbers, which ultimately led to executive buy-in, spoke volumes about the instant effect Umbrella had on our network.”

After they did an initial test of pointing their external DNS requests through the Cisco Umbrella global network, it provided enough information for them to immediately start a trial with Umbrella.  After beginning their trial, they were able to see immediate returns, which were then documented through Umbrella’s reporting and shared to their executive stakeholders.  This eventually led to an executive buy-in for Umbrella.

The result: Bolstered security and unprecedented insight

For University of Kansas Hospital, Deploying Umbrella was fast while also giving them an immediate time-to-value experience.  In just one hour of Umbrella going live, they saw a huge increase in visibility, protection, and blocked malicious traffic.  From their usual 100,000 hits against the network (20 to 30 percent of which were ransomware), they were able drop the number down to nearly zero with Umbrella.

Once they enabled AD integration as well to their Umbrella (which took only an hour), they were able to move from struggling to find attacks to being able to correlate users with events and trace every clock of their online journey.  This also gave them ways on how to investigate and understand each threat that was hitting their network to help better understand user behavior to help better mitigate them as efficiently as they can.

Cisco Umbrella has dramatically improved the incident response of University of Kansas hospital for the better, one incident before Umbrella would have taken 2 days now has been lessened by at least 75% or even can be done in 30 minutes.



To learn more about Cisco products, you can visit our Cisco Product Page here or you may call us at 893-9515 and we would be happy to answer your inquiries!