Case Study

100% threat protection leads to safer, stronger medical care

In brief

University Hospital Zurich

Product and Services
Critical medical care

Organization Size
8,400+ employees

Partner
Omicron AG


University Hospital Zurich needed more consistent security to effectively protect patients, staff, and 13,000 distributed endpoints.

  • Increase efficacy against modern threats
  • Support virtual environments
  • Meet low CPU resource demands

Migrating to Palo Alto Networks Traps™, and then to Cortex® XDR™, provided state-of-the-art security to minimize risk for UHZ’s sensitive data.


Since switching to endpoint security from Palo Alto Networks, University Hospital Zurich (UHZ) now detects and blocks considerably more malware threats—2.5 times as many as with its previous solution. This allows the institution to focus on providing best-in-class medical care without worrying about the damage inflicted by malware attacks.

University Hospital Zurich
One of the oldest and most prestigious hospitals in Europe, UHZ treats hundreds of thousands of patients each year
Source: Universitätsspital Zürich

Critical protection for 13,000 distributed endpoints

Today’s healthcare organizations need to protect their critical data and infrastructure against an ever-growing volume of automated, sophisticated attacks. Nearly every malware attack involves compromising an endpoint. The key, then, is to supply the best protection possible to all users and endpoints, wherever they may be located. UHZ provides an excellent example of how, with the right technology and partners, this can be done easily and effectively.


Extend state-of-the-art endpoint protection for state-of-the-art medical care, anywhere

Every year, UHZ treats nearly 650,000 patients across its medical facilities, clinics, and institutes. It employs more than 8,400 medical and administrative staff members and has deployed more than 13,000 endpoints, including desktop computers and mobile devices. As the head of System Engineering at UHZ, it’s Tom Schütt’s responsibility to protect his staff and endpoints from attacks.

“Securing them all is very important to us,” Schütt explains. “It is vital for us that our endpoint security solution features state-of-the-art technology to help us minimize risk.”

In 2018, realizing they needed more effective endpoint security than their existing on-premises solution could provide, Schütt’s team ran a proof of concept (POC) of Traps advanced endpoint protection, which he had learned about from Omicron AG, a Swiss Palo Alto Networks partner. “When we carried out a software evaluation, Traps was the clear winner,” Schütt remembers. “The most important factor in a solution such as this is its ability to detect malware, and it did that really effectively.” When it came to deployment, Omicron helped optimize the solution for UHZ’s specific needs.


Protect against malware with outstanding scalability and minimal bandwidth impact

In the POC, UHZ compared its existing endpoint security solution’s performance and that of Traps against a robust set of the latest malware. The outcome: Traps detected and successfully blocked 100% of the threats, while the existing solution detected just 40%. In other words, Traps detected and blocked 2.5 times as many malicious files. The POC also demonstrated the strength of Palo Alto Networks security against Metasploit penetration tests on isolated systems.

In 2019, Palo Alto Networks introduced Cortex® XDR™, a new-generation endpoint protection, detection, and response solution built on the Traps technology and integrating AI- and ML-based prevention, including Behavioral Threat Protection. UHZ knew it was the right solution to keep the hospital ahead of increasingly sophisticated threats. With Cortex XDR installed, UHZ was better prepared for the malware challenges of the future, starting with the COVID-19 pandemic.

Universitätsspital Zürich
Source: Universitätsspital Zürich


Cortex XDR provides category-defining protection

As with so many organizations around the world, in early 2020, Schütt and his team suddenly had to secure thousands of newly remote hospital staff who had been sent home to work due to the pandemic.

“Endpoint security has obviously become even more vital during the COVID-19 pandemic—on the one hand because UHZ is an operator of critical infrastructure, and on the other because at the start of the lockdown in spring 2020, a great number of employees, particularly in management, started working from home.”

Using machine learning, Cortex XDR continuously profiles endpoint, network, and user behavior to uncover the stealthiest attacks. As a cloud-delivered technology, Cortex XDR was uniquely positioned to help Schütt and his team rapidly roll out security for more than 2,000 suddenly remote administrators and staff.


AI- and ML-powered detection effectively blocks 100% of malware

For medical centers like UHZ, malware is a constant challenge. Schütt explains, “Palo Alto Networks was particularly effective at detecting malware—which, in my opinion, is the greatest threat. None of the other products we tested has the behavior-based approach implemented as well as this. And we have seen it proven in live operation, especially now that we have upgraded to Cortex XDR.”

Extremely low resource usage meets easy scaling

In addition to providing unparalleled protection, Cortex XDR has a lightweight footprint that uses very few system resources. This is crucial in virtual client environments, ensuring maximum security without impacting productivity.

“But the main thing for us is that Cortex XDR protects us very effectively from threats,” Schütt stresses. When his team realized they needed to quickly expand Cortex XDR to protect 2,500 additional clients, the cloud-delivered solution scaled almost effortlessly. “These clients are now also protected from attacks,” he says with confidence.

Cortex XDR improved malware prevention at UHZ markedly, along with:
  • Improved efficacy, with 100% of malware blocked
  • Reduced resource utilization on virtual desktops
  • Simplified endpoint protection, easily managed from anywhere

Cloud-delivered protection can be administered from anywhere

Schütt and much of the hospital’s administrative staff spent a good portion of 2020 working from home. “The fact that we use Cortex XDR on a cloud solution and on a security-as-a-service basis has proven to be a great benefit.”

Unparalleled integration drives tomorrow’s SOC

UHZ is currently creating a security operations center (SOC). “A combination of Cortex XDR and the Cortex XSOAR platform would give us a comprehensive solution for security orchestration, automation, and response,” Schütt says.

Improved malware detection minimizes downtime

UHZ is reaping the benefits of considerably stronger malware detection since deploying Traps, and later Cortex XDR. Employees are now better protected wherever they’re working, so they can focus on providing critical medical care and services to their patients.

For more information, visit