
With data breaches making headlines more and more often, protecting sensitive information has become ever more important. The healthcare industry is no exception, and yet many providers run flawed and outdated IT infrastructure that contributes to, and even facilitates, data breaches. Hospitals and medical clinics are aware of these critical concerns and are becoming wary of their vulnerabilities. Having worked in the healthcare IT industry, I can attest to this challenge that many medical facilities encounter. Compliance, network security and data protection are only the tip of the iceberg among the challenges that a large number of healthcare facilities face.

Recently, while collaborating with our business partner (Cisco), an appropriate and timely case study was shared with us. It was a perfect example of how a well-known hospital (name withheld due to a client confidentiality agreement) can be susceptible to IT security weaknesses. Let’s take a closer look at how this particular institution managed to correct the situation.



What happens when a cutting-edge medical center suffers from outdated network security?


It’s possible to lead the world in an industry—medicine in this case—and to simultaneously lag behind when it comes to network security. One large national hospital system faced serious IT challenges. Network investment had been put off to the point of opening critical security vulnerabilities. A massive attack surface and limited visibility meant a threat could penetrate the network and remain hidden for months. It put critical systems, employees, patients, and the hospital’s reputation at risk.




Several factors combined over time to put this hospital especially at risk.


A flat network

The hospital’s aging network infrastructure—including outdated switches—left it open to threats. Most hospital networks have parallel networks that separate clinical systems, research facilities, guest access, and administration. In theory, different networks should never touch each other.


However, this hospital had a flat network without separation or network segmentation. Rather than separating by function, VLANs were assigned by floor. Doctors, staff, students, and medical equipment shared the same network, multiplying the attack surface and exposing the hospital to threats. Gaining visibility into suspicious behaviors on the network was challenging, and ensuring compliance with HIPAA and other regulations was a struggle.


Device overload

The hospital had more than 15,000 non-upgradable endpoints, and many of them were interconnected. Heart machines, lung machines, proton-beam therapy machines, and others were connected to the network and even to the Internet.


The hospital needed to gain control of its flat, exposed environment. Some endpoints were running versions of MS-DOS that had been installed as far back as 1992, leaving the network vulnerable to advanced or sophisticated threats. More than 600 Windows NT4 devices and nearly 7000 Windows XP devices on the hospital’s network suffered from end of support, lack of patches, and an inability to run current antivirus software. To make things more difficult, FDA approval required devices to remain as originally shipped from the manufacturers, so a system upgrade could mean noncompliance.


A patchwork of unsuccessful solutions

IT had tried to make things work. They segmented the network using traditional models. They patched and established VLANs. They even tried transparent firewalls to limit user access to appropriate files and resources without much success. Buying new devices would mean spending lots of money without solving the underlying issues. The team faced a harsh reality: They needed more visibility, insight, and control, while meeting compliance guidelines.



Third-party consultants, hospital IT professionals, and hospital executives agreed that something had to be done, and that they should step back and look at security holistically. The right strategic approach was to find a way to understand how the applications, users, and devices were connected and to put network controls in place.

Cisco security consultants led a 2-week workshop with engineers, business analysts, and executives. Concluding that the hospital needed a more advanced network that could support segmentation, the team crafted a high-level network design, an 18-month rollout plan, and a detailed governance model. The most intelligent approach was to use the architecture supporting the network (NetFlow) to link its security and networking together.


The plan was simple:

Upgrade legacy switches, routers, and wireless technology to incorporate key security solutions including NaaE and NaaS, allowing for visibility, segmentation, and control.

Engage the Cisco Advanced Services team to ensure a successful implementation within the allocated time.

Standardize the process for adding new components onto the network.



Cisco secures the network.


Cisco NaaS turns your network into a threat monitor or sensor. It includes NetFlow technology, which is already embedded into most Cisco IOS networking devices; Cisco StealthWatch solutions; and the Cisco Identity Services Engine (ISE).


Cisco IOS NetFlow was created by Cisco to provide visibility into the network. NetFlow tracks every network conversation with a record that includes source, destination, timing, and protocol information for deep visibility. It can tell who is talking to whom, with what, from where, and for how long, including how much data was exchanged, storing months of information.


Cisco StealthWatch adds threat intelligence through analytics to NetFlow data to accelerate response. The Cisco StealthWatch solution can analyze network audit trails, identify anomalous activity, and zero in on the root causes of attacks. With the solution, you can detect network traffic flows and behavior associated with advanced persistent threats (APTs), distributed-denial-of-service (DDoS) attacks, and insider threats.


Cisco ISE provides contextual data including who, what, where, when, and how users and devices are connected and accessing network resources.


Cisco NaaE enforces security policies. It extends capabilities by activating Cisco TrustSec technology already embedded in Cisco ISE.


Cisco TrustSec technology works with ISE to contain the scope of an attack. Cisco TrustSec technology uses security group tagging to create virtual network segmentation, and ISE enforces policies across the segments. Segmentation allows for quarantining of threats to limit malicious activity.


These solutions not only help the hospital identify threats, but also help it understand legitimate data flows and logical traffic groupings to determine network segmentation.


Cisco TrustSec technology can be integrated easily with newer switches, access points, and firewalls. With Cisco TrustSec solutions, the hospital doesn’t need to worry about IP addresses; it can focus on classification. The clarity provided by NetFlow allows the team to develop a set of rules that make sense. ISE creates user policies and puts users into groups, and granular business and policy rules allow the hospital to enforce access, permitting only the appropriate communications for the appropriate devices.


It is vital to be able to isolate medical equipment and data from the rest of the network so the hospital can prevent attacks by enforcing segmentation and user access. Now even if attackers get in, their access is limited to one network segment.
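To make the classification-based segmentation described above concrete, here is an added example (not code from Cisco or from the case study) that models a TrustSec-style security-group policy matrix and evaluates constructed NetFlow-like records against it, flagging flows the matrix would not permit and summarizing legitimate traffic by group pair. The group names, addresses and policy entries are all assumptions chosen for illustration.

```python
# Added example: role-based segmentation check over NetFlow-like records.
# Not Cisco's code; groups, addresses and policy are constructed for illustration.
from collections import Counter
from ipaddress import ip_address, ip_network

# Classification by role (what ISE does in practice), not by floor or IP.
ENDPOINT_GROUP = {
    "10.1.5.20": "MEDICAL_DEVICE",   # constructed: legacy imaging workstation
    "10.1.5.21": "MEDICAL_DEVICE",   # constructed: second legacy device
    "10.2.0.15": "CLINICAL_APP",     # constructed: clinical application server
    "10.3.7.40": "STAFF",            # constructed: staff laptop
    "10.9.1.7": "GUEST",             # constructed: guest Wi-Fi client
}

def group_of(ip):
    """Map an address to its security group; unknown internal hosts stay unclassified."""
    if ip in ENDPOINT_GROUP:
        return ENDPOINT_GROUP[ip]
    internal = ip_address(ip) in ip_network("10.0.0.0/8")  # assumed internal range
    return "INTERNAL_UNCLASSIFIED" if internal else "INTERNET"

# Policy matrix: (source group, destination group) -> allowed. Default deny,
# so medical devices can reach clinical apps and nothing else.
POLICY = {
    ("MEDICAL_DEVICE", "CLINICAL_APP"): True,
    ("STAFF", "CLINICAL_APP"): True,
    ("STAFF", "INTERNET"): True,
    ("GUEST", "INTERNET"): True,
}

def evaluate_flows(flows):
    """Return (violations, bytes per group pair) for a list of flow records."""
    violations, matrix = [], Counter()
    for f in flows:
        pair = (group_of(f["src"]), group_of(f["dst"]))
        matrix[pair] += f["bytes"]          # legitimate-flow summary for segmentation design
        if not POLICY.get(pair, False):     # anything not explicitly allowed is flagged
            violations.append({**f, "src_group": pair[0], "dst_group": pair[1]})
    return violations, matrix

# Constructed flow records in the shape NetFlow exports (src, dst, port, protocol, bytes).
SAMPLE_FLOWS = [
    {"src": "10.1.5.20", "dst": "10.2.0.15", "dport": 443, "proto": "tcp", "bytes": 48210},
    {"src": "10.1.5.21", "dst": "203.0.113.9", "dport": 80, "proto": "tcp", "bytes": 1500},
    {"src": "10.9.1.7", "dst": "10.1.5.20", "dport": 445, "proto": "tcp", "bytes": 9200},
    {"src": "10.3.7.40", "dst": "198.51.100.4", "dport": 443, "proto": "tcp", "bytes": 120000},
]

if __name__ == "__main__":
    for v in evaluate_flows(SAMPLE_FLOWS)[0]:
        print(f"blocked: {v['src_group']} -> {v['dst_group']} ({v['src']} -> {v['dst']}:{v['dport']})")
```

The two flagged flows (a medical device reaching the Internet, and a guest client reaching a medical device) are exactly the kind of lateral movement that a flat, floor-based VLAN design cannot stop.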





Bonus benefit: Outstanding security drives innovation.

– Employee satisfaction
– Quality research
– More meaningful patient experiences


Beyond the immediate security and compliance benefits, the hospital witnessed a significant unexpected benefit: operational efficiency. It has reduced manual updates, human error, and repetitive tasks, and the network team can now quickly identify application, server, and network performance issues.


The new agile network gives patients and employees what they want most: security, speed, availability, and improved services. It is the foundation for other future technologies. With security covered, the hospital can begin rolling out new applications that connect employees with each other and with patients in innovative ways. New mobility, information-sharing, and collaboration applications have the potential to further streamline operations.



– Security woven in at every level—switches, routers, and access points
– Upgraded network architecture across the hospital
– Deep and broad visibility into unknown devices and unusual traffic patterns
– Authentication of users and devices
– Enforced policies across wired, wireless, and VPN topologies



– Keep current with constant waves of new users, devices, and applications.
– Reduce manual updates, human error, and repetitive tasks.
– Easily comply with audits for HIPAA, PCI, and other regulations.
– Reduce down time costs and liability.
– Ultimately deliver more accurate and reliable patient care.


Hopefully the shared case study helps shed some light on the complexity of, yet fixable approach to, filling holes and updating network security. It is also important to note that every industry is vulnerable to attacks and that the only way to have a fighting chance is to proactively fend off intruders using the right technology and tools. Another key note: Cisco is the only IT networking manufacturer whose wireless networking products have the exclusive endorsement of the American Hospital Association (AHA). With that said, personally, I would prefer to arm myself with a light saber than a butter knife. Wouldn’t you?



Note: Micropac is an authorized Cisco partner and reseller. The case study in this article was furnished and shared by Cisco as part of its public content material. For a free network assessment or quote, please contact us.