Security Solutions

June 24, 2011
The healthcare industry is making great strides in improving the quality of patient care, and technology is driving many of those improvements at Kettering Medical Center. For a hospital, one of the top prevention issues is security. When patients check in, they are entrusting their health to our physicians and their confidential medical information to the hospital's network.

Kettering Medical Center Network — made up of five hospitals and 51 medical facilities in Dayton, Ohio — is at the forefront of leveraging technology to improve patient services, using an extensive network of handheld devices, laptops, and other systems to facilitate patient care. Due to the sensitivity and critical nature of up-to-date patient information, all of the hospital's connected devices must be continuously secure and available to facilitate the treatment of patients.

The federal government has also recognized the importance of protecting medical information by passing the Health Insurance Portability and Accountability Act (HIPAA) in the mid-'90s. HIPAA sets the standards for safeguarding the confidentiality, integrity, and availability of medical records. Ensuring our network is secure and resilient is no longer just a matter of quality healthcare and sound business practices; it's also a matter of law.

Beyond compliance

In order to ensure the safety of patient information, Kettering wanted to do more than just comply with HIPAA. We had a drive and commitment to be proactive with the hospital's network security measures. The need for HIPAA compliance turned into an opportunity for us to conduct a complete network security assessment.

Given the confidential information that any health organization possesses, a hospital's reputation could be severely damaged by a security breach. If the network goes down because of a security incident, or for any other reason, sensitive patient information is at risk.

Key priorities for our network included enhanced patient data protection, HIPAA compliance, and proactive identification and mitigation of network threats and vulnerabilities.

With the help of Cupertino, Calif.-based Symantec, we were able to put into place the tools necessary to do the job faster and more safely, by way of technology.

Previously, we had two full-time employees trying to maintain signatures and updates. Continually inspecting and correlating events from the logs was not only risky, but time-consuming and simply not cost-effective.

After careful consideration and a lengthy security assessment, we installed a broad suite of Symantec security solutions to ensure that our network and critical patient and research data were protected and secure. The combination of security technologies and 24/7 threat intelligence reduced security management burdens for Kettering's administrators while enabling HIPAA compliance.

Using a layered approach from the outside-in, we installed a range of products and services to secure our environment.

To provide an outer shield for Kettering's network, we selected Symantec Network Security Intrusion prevention appliances to provide real-time protection against known and unknown attacks and worms. We've raised the security bar to be more proactive and preventive in successfully protecting the network infrastructure before something happens. Inside the network's perimeter, we installed Symantec's AntiVirus and Client Security services to protect Kettering's servers, desktops, laptops, and handheld devices from malicious threats.

An added layer of protection comes from Symantec DeepSight Alert Services and Threat Management Services, which provide early warning and actionable information about relevant potential attacks, including prioritization of events according to the network threat posed.

The value of prevention

By combining products and support with threat intelligence and proactive advisory services, Symantec can keep an eye on all network incidents and provide a more informed perspective on threats than Kettering could manage on its own.

Less than 1 percent of staff time is now devoted to preventing and mitigating the effects of malicious code. This, combined with not having to decipher logs of our firewalls, has resulted in a savings of more than $200,000 annually in staff time alone. We can now allocate staff resources for tasks far more valuable than routine log-checking, and focus on activities that directly benefit patient care.

For example, we recently developed an application called CareLink Simple Sign On, which allows caregivers (physicians and clinicians) to move between and among workstations and easily sign on to secure applications in any of the hospital's facilities. Prior to CareLink Simple Sign On, it took about two minutes to log in each time someone changed workstations. The CareLink Simple Sign On project reduces that to less than 10 seconds, sparing 1,500 staff hours every day that professionals can devote to more and better quality patient care.

By implementing the right security solutions, we are able to obtain more than just intrusion prevention and cost savings. Our staff now has more time and resources to focus on valuable initiatives that promote our commitment to better patient care. For Kettering Medical Center, this is just the kind of healthy difference we most want to make.

Author Information: Bob Burritt is director of technology for Kettering Medical Center Network, Dayton, Ohio.