St. Patrick's Mental Health Services is the largest independent, not-for-profit provider of mental health services in Ireland. Founded more than 270 years ago as St. Patrick's Hospital by Jonathan Swift, dean of St. Patrick's Cathedral and noted literary figure, St. Patrick's Mental Health Services today is a modern, efficient and growing mental health service with two inpatient campuses – for adults suffering from mood disorders, psychoses, addictions, anxiety disorders and eating disorders – as well as an adolescent mental health services center, a wellness and recovery center, and community clinics across Ireland.
As the largest independent, not-for-profit provider of mental health services in Ireland, St. Patrick's Mental Health Services must ensure the security of its electronic health records by preventing cyberthreats from breaching its network perimeter and endpoints. The organization's previous security infrastructure was complex, comprising multiple point products, and lacked adequate visibility and control over traffic traversing the corporate network. To simplify as well as strengthen network and endpoint security, St. Patrick's Mental Health Services consolidated its previous security onto the Palo Alto Networks® Security Operating Platform.
With the Palo Alto Networks platform, St. Patrick's Mental Health Services now blocks user access to public cloud storage to maintain greater control over corporate data. The organization further controls internal traffic flow and data access based on application- and user-aware policies, while built-in threat prevention automatically stops external cyberthreats from breaching its network. Since deploying Traps™ advanced endpoint protection and WildFire® cloudbased threat analysis service, St. Patrick's Mental Health Services has had no outbreaks of malware or ransomware. Network access for remote users is also greatly simplified with GlobalProtect™ network security for endpoints. By simplifying end-to-end security through the Palo Alto Networks platform, St. Patrick's Mental Health Services saves IT time and money, freeing more resources to focus on systems and services to support patient care.
Keeping Private Patient Information Secure
In a modern healthcare environment where private medical records are managed electronically, network security is of the utmost importance. As Ireland's leading not-for-profit mental health organization, St. Patrick's Mental Health Services is keenly focused on ensuring its patients' privacy. So, when the organization's legacy security infrastructure became too complex and difficult to maintain, St. Patrick's Mental Health Services decided it was time for a change.
Amid growing use of cloud-hosted applications – including a vital electronic health records, or EHR, system – and in the face of evermore sophisticated cyberthreats, St. Patrick's Mental Health Services needed greater assurance that its network and endpoints were secure. Ronan Devins, head of IT for St. Patrick's Mental Health Services, evaluated several leading vendors. When it came to the proof of concept, the Palo Alto Networks Security Operating Platform stood well above the others.
Devins explains, "When we did the PoC with the Palo Alto Networks platform, we saw data leaving our organization and going up to public cloud storage services like OneDrive, Google Drive and Dropbox. We didn't have that kind of visibility before, which really drove the business case to replace our legacy firewalls with the next-generation firewall."
St. Patrick's Mental Health Services also had a mix of other security point products, including a separate web filtering appliance, traditional antivirus and a complicated routing procedure to enable remote access for employees.
"Our previous approach was very complex," Devins remarks. "Palo Alto Networks gave us a way to get end-to-end security from the data center to the web and out to our endpoints on a single security operating platform."
Complete Visibility and Control With the Security Operating Platform
Devins and his team deployed the Palo Alto Networks Security Operating Platform, including next-generation firewalls, Traps advanced endpoint protection, and an array of cloud-delivered protection and access services. The PA-850 next-generation firewalls are configured for high availability, providing St. Patrick's Mental Health Services with assurance that its corporate data and patient records are continuously secured.
With granular control and complete visibility on the Palo Alto Networks platform, Devins can also block staff from accessing public cloud storage and ensure corporate data remains secure. Plus, built-in threat prevention automatically stops external cyberthreats from breaching the organization's network.
"Previously, we were constantly bouncing traffic back and forth between the legacy firewall and the web filter with no clear view of what was getting through and what was not," says Devins. "With the Palo Alto Networks platform, I can now look at web activity by traffic type or by Active Directory user and maintain much closer control over what's on our network."
That level of control also plays a key role in enabling secure access to the organization's EHR system, which is hosted by a U.K.-based cloud provider and requires secure virtual private network, or VPN, connections. The legacy firewalls, managed by the firewall vendor, gave Devins and his team only limited access to see the status of the VPN tunnels. Any updates or configuration changes had to be performed by the vendor.
"Going through the firewall vendor was slow and expensive," Devins points out. "With Palo Alto Networks Security Operating Platform, our network engineers can create and manage the VPN tunnels directly, which saves us a lot of time and money."
Simplified Secure Access for Remote Users
The Palo Alto Networks platform greatly simplifies remote access for users of St. Patrick's Mental Health Services. Previously, the organization used virtual desktop software to enable remote access, but it did not provide a consistent environment. Users in the office might be running Windows® 10, while through the virtual desktop they'd have Windows 7 or 8. Plus, the EHR application was browser-based, and the vendor would not support virtual desktops. Consequently, users had to create separate VPN sessions back to the legacy firewall and break out from there to the EHR system in the cloud.
GlobalProtect network security for endpoints eliminates that hassle. Now, users with encrypted laptops provided by St. Patrick's Mental Health Services can log on to the corporate network through their home Wi-Fi using automatic passthrough authentication. GlobalProtect ensures all traffic from the laptop passes through a next-generation firewall, where it is fully inspected before being allowed access to any network, cloud or internet resources.
"GlobalProtect was one of the biggest wins for us," Devins asserts. "Our remote users love it. They can seamlessly access the internet, shared drives, our cloud-hosted EHR, and get a consistent experience at home and at work. They think it's brilliant."
Advanced Endpoint Protection Brings Peace of Mind
To secure the endpoints in its organization, including 550 workstations and about 80 servers, St. Patrick's Mental Health Services takes advantage of Traps advanced endpoint protection. For Devins, Traps is a crucial part of his end-toend security strategy and the key to stopping outbreaks of ransomware, such as WannaCry and NotPetya.
In the past, such attacks had been problematic – employees could innocently click links in emails and find all the files on their computer encrypted. USB drives were also regular sources of infection. Now, Devins blocks those from being used on corporate-owned workstations. Since deploying Traps, with its multi-method prevention approach, St. Patrick's Mental Health Services has had no outbreaks of malware or ransomware.
"Traps brings us peace of mind," says Devins. "The types of attacks are constantly advancing, so the way Traps works – by leveraging multiple prevention methods, instead of simply matching signatures or only relying on machine learning – helps us stay ahead of attackers. Also, if Traps detects anything suspicious, it isolates the file until WildFire can determine if it's safe or malicious. That gives us greater confidence that we're keeping our endpoints protected."
Because Traps provides Devins and his team with proactive defense, everyone sleeps better at night. Naturally, the endpoints most vulnerable to attacks like WannaCry are the ones that haven't been patched. IT is constantly pushing out updates, but as Devins acknowledges, "You can never be 100 percent." Therefore, he adds, "Even if there is a vulnerability out there, Traps will stop attempts to exploit it. So, we know we're doing everything in our power to protect our endpoints."
End-to-End Security That's Easy to Manage
For Devins, the native integration between Traps and the next-generation firewall is central to achieving end-to-end security. He puts it this way: "We take a belt-and-braces approach. We have the latest threat prevention and filtering at our network perimeter, and if any kind of cyberthreat tries to get in through the endpoints, we're protected there as well, and it's automatically shared with the firewalls. That's critical for us to defend against the possibility of a multilevel attack."
With its unique approach combining a suite of integrated security capabilities, built-in automation, flexibility and shared threat intelligence, the Palo Alto Networks Security Operating Platform has enabled St. Patrick's Mental Health Services to consolidate and simplify its security infrastructure. That's a big deal for the IT team, which runs very lean – just 15 people to support a user population of about 700, and no dedicated security personnel. "Anything we can do to save time and keep our Opex down is greatly appreciated," he says.
Devins reflects, "When we were dealing with multiple different black boxes, it was a constant battle trying to track down each vendor for support or updates. Plus, we were paying separate annual maintenance on software solutions and hardware solutions. With Palo Alto Networks, we have the efficiency of one integrated platform. Instead of multiple people on our team keeping up with multiple solutions, we have one person to manage the Palo Alto Networks platform. That helps reduce our Opex and frees up more resources to work on projects that enable St. Patrick's Mental Health Services to run more efficiently and better serve our patients."