University Hospitals Geneva

Key figures

• 8 public hospitals
• 2 clinics
• 13,000 employees

The context

The fruit of a centuries-old tradition of excellence in medicine and science, the University Hospitals of Geneva (HUG), was formed in 1995. Comprising Geneva’s eight public hospitals and, since 1 July 2016, two clinics, it is Switzerland’s leading university hospital. The HUG has three main missions: healthcare, teaching and research. Part of the public information system is based on around thirty websites and web applications that need to be secured. This is where UBIKA, European leader in the application security market, comes in. UBIKA’s WAF has the capacity to prevent attacks on the application layer while maintaining considerable ease of administration.

When it comes to making an existing website more secure, there are two possible solutions: completely rewriting the site and thus directly integrating a security layer, or installing equipment to protect it against flaws and ward off any attacks or data theft.

Rewriting or correcting a site after each vulnerability announcement is time-consuming and requires significant financial and human resources.

The second approach with secure equipment therefore proved to be the most appropriate solution.

“Given the multitude of sites to be protected, we need to be able to take different factors into account and be able to adapt the security layer according to the needs of each. For example, for sites that can be accessed from a personal device, the protocol to be put in place is different to that for a ‘simple’ hospital intranet,” explains Franck Calcavecchia, Information Security Officer at HUG.

The project is complex from a technical point of view, and requires a partner capable of responding appropriately to the issues and challenges defined.
“For this reason, working on this project with a company such as WAF specialist UBIKA remains the most effective way of rapidly protecting vulnerable websites.”

The solution

In order to respond to the HUG’s problem, UBIKA proposed a solution that provides maximum security for applications of different typologies, with a Web application firewall that blocks attack techniques based on incoming http/https flows and counters attacks and vulnerabilities including those in the OWASP top 10.

“These days, with everything connected and data flowing constantly, IT managers need to be all the more vigilant, particularly when it comes to managing so-called personal data, which includes medical data. Technological developments represent a danger for the protection of health data,” explains Franck Calcavecchia, Information Security Officer at HUG.

Benefits for Geneva University Hospitals

The benefits of using UBIKA application security solutions are manifold and can be
from two different points of view:

The simplified integration of UBIKA solutions has enabled the HUG to quickly have the necessary means to secure their applications. The code developed for certain applications a long time ago would have required costly rewriting in terms of resources and budget.