Rapid identification and response to ransomware attack two weeks before being notified by MSSP
Savings of more than $70,000 per year in technical resources
Greater value at less than half the price of competing solutions
Wood County Hospital has served the patients of Wood County, Ohio, since 1951. Over the years, its operation has expanded to include the main hospital, off-site medical offices, and eight clinics supported by over 700 clinical, administrative, and IT staff. The hospital is committed to providing the highest quality care and patient experience. For the IT team at Wood County, this means delivering consistent application and infrastructure performance to ensure clinicians, administrators, and patients can access the information and systems they need, when they need them. It also means ensuring that these systems, as well as patient data, are protected from increasingly sophisticated and rapidly evolving threats, including ransomware.
For Wood County CIO Joanne White, security is a top priority. The hospital already had a sophisticated security framework in place, including IDS, IPS, firewalls, and SIEM. While these tools helped protect the perimeter and alerted on potential threats, alert fatigue, coupled with a lack of visibility into threats inside the network, left Wood County with a crucial gap.
Without ExtraHop, the investigation would have taken days or weeks, exposing the hospital to potentially catastrophic risk.
Joanne White, CIO, Wood County Hospital
Seeking to gain critical visibility and improve the signal-to-noise ratio regarding potential threats, White began evaluating network traffic analysis (NTA) technologies, which combine rule-based detection, machine learning, and other advanced analytics to detect and alert on suspicious activities on the network.
Apples to Apples
After considering several options, White and her team decided to evaluate ExtraHop and another NTA vendor. ExtraHop, recommended by several of White's peers at the College of Healthcare Information Management Executives (CHIME), supported many healthcare industry-specific applications and protocols out of the box. ExtraHop also offered visibility into application and infrastructure performance, making it broadly applicable to the IT team. The alternate solution came with a much-hyped user interface and machine-learning claims but was relatively unknown among White's peers. One of the few healthcare organizations to have used it decided to shut the solution down after a year due to escalating costs and complexity.
As the evaluation kicked off, one clear difference emerged immediately: ExtraHop began surfacing concrete insight via dashboards and analytics right out of the box without requiring any customization.
Case in point: during the evaluation, ExtraHop alerted White to a device from the physical therapy department that was unexpectedly communicating with her workstation -- and over 100 other machines -- using an unauthorized Universal Plug-and-Play (UPnP) service. UPnP, known as a malware attack vector for DDoS and for bypassing firewalls, had been specifically disabled across Wood County's systems -- or so they thought. After seeing this, White was able to take action and quickly quarantine the host.
This granular visibility set ExtraHop apart from the competition. While the other solution could provide some information about which machines the workstation was communicating with, it didn't delineate the protocols and devices making those communications. Uncovering that information would have required manually reviewing logs and re-imaging machines.