This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."
Download it now to read this article plus other related content.
UTM Boosts Hospital's Immunity
By Bill Brenner
Tavares Marsh and Eric Conrad have a big job overseeing IT security for the 12,000-employee, 250,000-patient Caritas Christi Health Care chain in Massachusetts. Their IT shop, in the Dorchester section of Boston, is the hub of a network spanning two medical centers, four hospitals and a vast array of remote doctor's offices--all of which rely on the Internet to trade data back and forth.
More than 5,000 medical personnel access a network of about 5,000 Windows machines--including servers and wireless devices--and about 30 UNIX servers. Such a large environment is a potential gold mine for online attackers. A hacker who successfully cracks the network could then access information on patients' medical histories, pharmaceutical needs and insurance data--including policy codes and Social Security numbers.
But Marsh, the senior IT engineer, and Conrad, the network security manager, say they're not about to let that happen. This is the story of how they try to keep the bad guys at bay.
They have plenty of help, to be sure. Each hospital and medical center has its own IT shop with about 100 staffers across the enterprise. They've built an intrusion defense with multiple layers of AV, firewalls, spyware scanners and IDS tools from vendors and the open source community. They also use a unified threat management platform as
Caritas Christi's multi-layered defense starts with its main Check Point Software Technologies firewall and backup firewall support from Fortinet. Its desktop AV comes from CA, while corporate e-mail is scanned using the open-source Clam AV and an AntiVir scanner from Avira.
"E-mail and Internet activity get scanned multiple times by multiple tools," Conrad says. "That way, if a piece of malware evades one scanner, it'll be caught by another scanner."
This was first published in June 2006