Case Study: Cwm Taf Morgannwg University Health Board strengthens visibility, segmentation, and compliance with Armis

UK Healthcare System Relies on Armis to Discover, Segment, and Secure Essential Medical Devices, IoT, and Legacy Assets

Cwm Taf Morgannwg University Health Board, a healthcare provider in South Wales serving about half a million people across three main hospitals, struggled with limited visibility into network traffic and connected assets. The team needed better insight into legacy medical devices, IoT assets, and end-of-life systems that couldn’t be updated, especially to identify vulnerabilities, segment critical devices, and meet UK security requirements such as NIS2 and GDPR. To address this, the health board turned to Armis, using Armis Centrix™ for Medical Device Security and Armis Centrix™ for VIPR.

Armis deployed collectors across the hospitals, integrated with tools like Cisco WLAN/ISE, DHCP, SCCM, Microsoft Defender, SolarWinds, and antivirus systems, and enabled passive monitoring, vulnerability prioritization, and automated response. As a result, Armis discovered 65,000 to 70,000 IP-connected assets, helped uncover unknown medical devices, and supported segmentation of legacy servers and departments such as the blood bank. Armis also improved compliance reporting and gave the health board data to justify third-party patching and future remediation efforts.

Cwm Taf Morgannwg University Health Board

Thomas Evans

Head of Cybersecurity Operations