Region Östergötland Safeguards Healthcare for 500,000 residents with the CrowdSec Blocklists

Region Östergötland, a leading healthcare provider in Sweden, safeguards the healthcare of 500,000 residents with the CrowdSec Blocklists and Threat Intelligence.

---

Region Östergötland is a key healthcare provider in Sweden, serving 500,000 residents with a vast network of medical facilities, including three hospitals, 33 health centers, over 40 dental clinics, and around 14,000 employees.

With such a critical mission — ensuring accessible healthcare — the organization relies on a robust IT infrastructure spanning three data centers and 1,500 servers, 100 of which are externally exposed.

The challenge: A constant barrage of attacks

As a healthcare provider, Region Östergötland is a prime target for cyber threats. Andreas Brogren, Principal Cyber Security Engineer, explains: “We are constantly under attack. The threat landscape is evolving, and we see a lot of noise from internet scanners, brute force attempts, and malicious traffic.”

Before CrowdSec, the team relied on geo-blocking and free IP blocklists, but these solutions were not enough. The security team needed a more proactive, intelligent, and scalable way to block threats before they could impact critical healthcare services.

Why CrowdSec?

After testing free blocklists with promising results, Andreas discovered CrowdSec’s flagship, the CrowdSec Threat Intelligence Blocklist, a real-time, crowdsourced IP blocklist powered by a global network of security experts and machines.

“We bought CrowdSec on a good hunch that it would be effective, but the results exceeded our expectations.

Andreas Brogren, Principal Cyber Security Engineer at Region Östergötland

Blocking 215 million malicious requests in a number of weeks

Since implementing the CrowdSec Threat Intelligence Blocklist in February 2025, Region Östergötland has seen staggering results:

• 215 million malicious IPs blocked in just weeks
• 6 million attacks stopped within the first 2 hours of deployment
• Improved firewall performance by filtering malicious traffic early

“The numbers speak for themselves. CrowdSec has been a game-changer, freeing up our security team to focus on strategic initiatives rather than chasing alerts.”

Number of malicious IPs Region Östergötland blocked using the CrowdSec Blocklists for the time period between the 3rd and 15th of April, 2025. This report was generated by Check Point.

With such impressive results, Region Östergötland plans to evaluate the CrowdSec Security Engine later in 2025 for even deeper threat detection and response.

“We’re excited to contribute our telemetry back to the CrowdSec community. It’s a win-win, we’re safer together.”

CrowdSec is a must-have for healthcare cybersecurity

For organizations like Region Östergötland, where patient care depends on uninterrupted digital services, CrowdSec provides an essential layer of defense. 

“We decided to invest in real-time, community-powered threat intelligence and we won. We drastically reduced attack surfaces while optimizing our security operations.”