Nuevo Hospital de Toledo, one of Europe’s largest and most advanced hospitals, represents the future of smart healthcare infrastructure. But with innovation comes complexity and with complexity comes cyber risk.
In partnership with Kaspersky, the hospital undertook a comprehensive cybersecurity transformation to secure its IT and Operational Technology (OT) environments. Here’s how this collaboration enhanced visibility, governance, compliance, and long-term resilience.
A Smart Hospital at Massive Scale
Located in Castilla-La Mancha, Spain, the Nuevo Hospital de Toledo is:
- Serving over 435,000 residents
- Spanning 246,964 m²
- Operating 850+ patient beds
- Powered by 150,000+ smart sensors
- Specializing in oncology and nuclear medicine
- Inaugurated in 2020
As a state-of-the-art smart building, the hospital manages not only healthcare delivery but also extensive non-care services including:
- Gas and lighting control systems
- Air conditioning and environmental management
- ICT infrastructure
- Full campus maintenance
This advanced infrastructure meant cybersecurity had to be equally sophisticated.
The Challenge: Visibility Gaps and OT Vulnerabilities
When transitioning from the construction phase to full operations, the hospital identified critical challenges:
1. Limited IT and OT Visibility
There was insufficient governance and monitoring across both corporate IT systems and industrial OT environments.
2. Asset Management Gaps
As a brand-new facility, inconsistencies emerged in asset tracking and configuration management.
3. Security and Compliance Risks
Vulnerabilities existed in both networks, threatening regulatory compliance—including Spain’s National Security Scheme requirements.
4. Operational Exposure
Industrial systems controlling building functions such as gas, lighting, and air conditioning – were at potential risk of cyber threats.
The hospital required a full audit, enhanced governance, and a unified cybersecurity framework.
Why Kaspersky Was Selected
After evaluating multiple suppliers, Nuevo Hospital de Toledo chose Kaspersky based on:
- A comprehensive product portfolio
- Strong pre-sales clarity and support
- High-quality proof-of-concept performance
- A consultative, service-driven approach – not just product deployment
José Carlos Fernández, IT Manager and CISO, emphasized the importance of transparency and hands-on support in building confidence during implementation.
The Solution: A Full IT and OT Security Overhaul
The project began with a comprehensive audit of IT and OT infrastructure, including:
- Asset inventory
- Vulnerability and risk assessment
- Security and compliance review
Step 1: Corporate IT Protection
Kaspersky deployed endpoint protection across the hospital’s corporate network, providing:
- Full endpoint visibility
- Advanced threat detection
- Centralized governance
This established strong foundational IT security.
Step 2: Securing the OT Environment
Given the hospital’s scale, OT security was mission-critical.
The deployment included Kaspersky Industrial CyberSecurity solutions designed specifically for industrial enterprises. These solutions:
- Protected industrial operator panels, workstations, and servers
- Monitored industrial network traffic
- Enabled extended detection and response (XDR) capabilities
- Safeguarded critical OT assets from cyber-initiated threats
Importantly, the implementation followed a non-intrusive, modular approach, ensuring no disruption to hospital operations.
Key Outcomes and Business Impact
The cybersecurity transformation delivered measurable results across operational, regulatory, and financial dimensions.
1. Full Visibility and Governance
The IT team gained complete control over both IT and OT environments, enabling:
- Proactive risk management
- Improved oversight
- Better incident response readiness
2. Regulatory Compliance
The hospital significantly reduced vulnerabilities and achieved readiness for certification under Spain’s National Security Scheme.
3. Optimized Performance
By identifying and resolving OT device configuration issues, the hospital:
- Optimized server load
- Improved network performance
- Freed up technical resources for strategic initiatives
4. Strategic Cost Savings
The project consolidated suppliers and reduced:
- Training complexity
- Support costs
- Operational overhead
5. A Long-Term Cybersecurity Partnership
The collaboration laid the foundation for continued growth, with potential expansion into advanced solutions such as SIEM and further XDR capabilities.
Lessons for Smart Infrastructure and Healthcare Leaders
The Nuevo Hospital de Toledo case demonstrates that:
- Smart buildings require integrated IT and OT cybersecurity strategies.
- Visibility is the foundation of governance.
- Compliance readiness must be proactive – not reactive.
- Choosing a partner with both products and services expertise is critical.
For hospitals and critical infrastructure operators, cybersecurity is no longer a supporting function—it is central to operational continuity and patient safety.
Conclusion: Securing the Future of Smart Healthcare
As healthcare facilities grow more connected and sensor-driven, the attack surface expands dramatically. Nuevo Hospital de Toledo’s proactive approach shows how modern hospitals can secure both clinical and operational systems without disrupting service delivery.
Through a strategic partnership with Kaspersky, the hospital not only mitigated risk but also strengthened performance, governance, and long-term resilience – setting a benchmark for smart healthcare cybersecurity in Europe.
