When lives depend on uninterrupted services, security must be strong—but seamless.
This case study explores how NHS Blood and Transplant (NHSBT), a core part of the UK’s National Health Service, overcame critical identity security gaps to protect patient-critical systems. With over 7,000 users and a legacy-heavy IT environment, NHSBT lacked the ability to enforce MFA for domain administrators and had no visibility into hundreds of service accounts—posing a serious risk to patient safety and compliance readiness.
Partnering with C-STEM, NHSBT selected Silverfort to fill the gap. Following a fast and low-disruption rollout, they enforced MFA on all domain admin logins and gained full visibility into dormant and high-risk service accounts—advancing their compliance with the NHS DSPT and Cyber Assessment Framework (CAF).
In this case study, you’ll learn how NHSBT:
- Closed long-standing MFA gaps for domain admins in Active Directory without complex rearchitecture.
- Cleaned up hundreds of service accounts by identifying dormant identities and shadow admins.
- Enabled a future-focused strategy, including risk-based access policies and contractor access controls.