A Digital Protection Solution for a Medical Research Institute

A well-known medical research institute needed to protect its medical research and development management systems against data leakage and compromise. Find out how Mithril focuses on data protection.

INDUSTRY: Healthcare & Medical Research

Healthcare is one of the sectors most adversely affected by cyber-attacks, since healthcare data can be more valuable to cyber-criminals than social security numbers or credit cards. Once personal or health data leaks out, it can never be recovered. Keeping data safe is therefore more important for the healthcare industry than for any other sector.

Caring for patients while protecting their extremely sensitive information has always been a hard task, which is why the sector has seen some really bad cyber-attacks in the past. Covid-19 adds extra effort to this and makes matters worse.


Mithril allowed the Medical Institute to protect its main website and its Digital Laboratory management system against all the vulnerabilities listed in the OWASP Top 10 (The Ten Most Critical Web Application Security Risks).

The Mithril team analysed the Institute's web applications and exposed services and found many vulnerabilities that were almost impossible to fix in a short period, as fixing them would have required a massive coding and development effort.

Mithril offered protection from those attacks without the need to review a single line of code of the vulnerable web apps.

The chart below shows a sample of the most dangerous bad requests and attacks that were blocked by Mithril during the first 6 months of protection.

Chart 2

What would have happened without Mithril?

Without the WAF protection, those kinds of attacks would have allowed an attacker to inject a malicious script or steal the session of a legitimate user. This means gaining access to the platform, with consequent exfiltration of sensitive information belonging to patients or researchers of the institute.



Mithril is a Web Application Firewall as a Service that protects websites and web applications by placing itself between the user and the customer’s web server.

In order to route the traffic to the client’s websites and web applications through Mithril WAF, only a simple change to the DNS zone is required.

22% of the malicious bots that visit your website pretend to be real browsers. Mithril Bot & Crawler detection is a system that can tell whether a visitor to a site is a “normal” browser or a crawler or bot. Since inspecting the User-Agent is not enough, the Human Detection System dynamically generates a JavaScript Challenge that the user’s browser must automatically solve to gain access to certain website areas.



When Mithril protection is on, it offers a Rule Set dedicated to the main CMSs (e.g. WordPress), which allows it to:

  • detect and block brute-force attacks
  • detect and block user enumeration
  • raise failed login alerts
  • prevent access to unused and default functions such as API, XMLRPC, etc.

Below is a sample of the Mithril panel interface detecting some of the most common attacks, such as SQL injection, Cross-Site Scripting and remote code execution (RCE).

Chart 1

Choose Mithril as the Web Application Firewall and API Protection for your company’s Data Protection.