The Silverfort case study detailing the partnership with NHS Blood and Transplant (NHSBT) and C-STEM focuses on bridging critical identity security gaps within a high-stakes healthcare environment.
Responsible for the UK’s blood and organ supply, NHSBT managed over 7,000 users across a legacy-heavy IT infrastructure that lacked visibility and control over administrative access. The primary challenges included an inability to enforce Multi-Factor Authentication (MFA) for domain administrators and a complete lack of oversight for hundreds of service accounts, which posed significant risks to patient safety and regulatory compliance.
By deploying Silverfort’s identity security platform, NHSBT achieved a rapid rollout that successfully enforced MFA on all domain administrator logins within Active Directory without requiring complex re-architecture or downtime. The solution provided immediate visibility into the organization’s service account landscape, allowing the security team to identify and clean up hundreds of dormant identities and "shadow admins". This visibility was crucial for advancing compliance with the NHS Data Security and Protection Toolkit (DSPT) and the Cyber Assessment Framework (CAF).
The case study highlights that Silverfort’s agentless technology enabled NHSBT to implement risk-based access policies and stronger controls for contractors without disrupting time-sensitive medical workflows. Ultimately, the project transformed NHSBT’s security posture from a reactive state to a future-focused strategy, ensuring that critical patient services remain protected against lateral movement and ransomware threats while maintaining the high availability required for life-saving operations.
