Major Health System Immunizes Itself from Network Threats


The Medical College of Virginia Hospitals (MCVH) is the teaching hospital component of the Virginia Commonwealth University Health System (VCUHS). Since 1838, MCVH has been in the forefront of advances in healthcare, providing patients from across Virginia and neighboring states with some of the most progressive treatment and technology available. More than 700 students from around the world pursue their M.D. degree under the tutelage of MCV Hospitals’ renowned faculty. Representing more than 200 specialty areas, including multi-disciplinary centers for cancer, cardiology, neurosurgery and transplantation, the staff of MCV Hospitals includes dozens of physicians who have been recognized as among the best doctors in the country.


Named one of “America’s Best Hospitals” by U.S. News & World Report, VCU Health System employs 7,500 people. Given its large staff and 24x7 operations, VCU Health System’s network typically supports high volumes of users – up to 10,000 daily – and at all hours. The primary, and constant, challenge for the organization’s IT team is to balance its users’ need for open and immediate access to medical and health information and research with meeting compliance requirements to protect data and patient privacy. Deemed by Hospitals & Health Networks magazine as one of the “Most Wired” healthcare institutions in the country, VCU Health System also faced the challenge of managing mounting demands on its Internet bandwidth usage.

The organization’s IT team attributed much of the growing consumption of Internet bandwidth to streaming audio and video that was unrelated to patient care. “Our Internet pipe should be big enough to meet our needs, but it was filling up routinely,” explains Bob DeVoy, Network and Storage Services Manager, VCU Health System. Closely correlated to this fact were growing concerns that users might be introducing security risks via their online activities.


VCU Health System had Cisco Systems firewall modules deployed to protect it. However, these firewall modules do not afford the visibility into network activity and application access necessary for VCU Health System to identify and monitor risky activities and match them to specific users and/or machines. Thus, DeVoy and his team needed a solution. Websense, an Internet filtering and web security tool, was in use by 500 employees. DeVoy considered expanding its coverage to encompass all of VCU Health System’s network users, but sought a more comprehensive and affordable solution that might also deliver efficiencies in bandwidth consumption.

At the invitation of Palo Alto Networks partner SUN Management, DeVoy attended a seminar to learn about Palo Alto Networks PA-4000 Series next-generation firewall. Impressed, he arranged to evaluate the PA-4000 Series on-site to determine where it could offer improvements in both security and network usage. “Within a couple of hours of running the trial we were able to identify specific desktops running streaming media from YouTube and other programs that pose security risks, and get a sense of the magnitude of the problem,” said DeVoy.


Convinced of its ability to deliver superior results, DeVoy and his team deployed the PA-4000 Series next-generation firewall. As a result, VCU Health System has enjoyed dramatically increased application visibility and control, reduced threats to its network and decreased its Internet bandwidth consumption. Moreover, the ability to track applications flowing in and out of its network has given VCU Health System the granular information it needs to formulate, and enforce, an acceptable use policy for its users. “We really find the report export capabilities in the latest version of the PA-4000 Series extremely helpful,” said DeVoy. “This is clearly the tool we’re going to use to better manage our Internet and internal bandwidth. Palo Alto Networks does everything that our previous infrastructure did plus a ton more!”

Using the information gleaned from the PA-4000 Series, VCU Health Systems’ security team has put together policies to block access to applications that are not work related, while still allowing its staff the freedom to access files and information that enhance patient care, learning and productivity. “Our job is to minimize risk while maximizing the ability of medical and administrative staffs to get their jobs done as efficiently and effectively as possible,” said Bob DeVoy. “Palo Alto Networks allows us to define and enforce appropriate user policies, so that the business of the hospital always comes first, risk is minimized and our medical professionals retain maximum flexibility.” Based on the impressive performance of the PA-4000 Series, VCU Health System is also interested in the device’s threat prevention capabilities. In fact, it plans to send its security team to an upcoming training session to learn more. “We confident we’ll get even more return as we continue to take advantage of more of the PA-4000 Series’ capabilities in the near future,” added DeVoy.


Guide to Securing Microsoft Office 365 for the Enterprise

This paper describes how the Palo Alto Networks Security Operating platform secures your data in Microsoft Office 365 and other cloud applications.
  • 4
  • 1398

How to Secure Your Business in a Multi-Cloud World

This paper highlights an innovative security approach that eliminates the wide range of cloud risks that can cause breaches, while enabling organizations to achieve consistent and frictionless cloud protections for multi-cloud environments.
  • 2
  • 2663

University of Arkansas

University cut through complexity to strengthen security while enabling open network access for unrestricted learning
  • 1
  • 1395

California State University

Read how Palo Alto Networks Next-Generation Security Platform met all the CSU’s key objectives with a single platform and single vendor solution.
  • 0
  • 1153

University of Southampton

A research-intensive university with over 23,000 students, the University of Southampton is a leading entrepreneurial ­institution in the United Kingdom. When the University sought to significantly expand throughput to support an increase in students, improve network stability and services to users, heighten security, and lower IT management burdens, they ­selected Palo Alto Networks Nextwave Channel Program Platinum ASC CPSP Partner Khipu Networks, working with ­European ­Electronique under the NEUPC procurement framework, to partner with them to meet their long-term strategic goals.
  • 6
  • 1771

Diocese of Broken Bay

Increased network security performance enables safe, flexible learning environment for over 20,000 students and 2,500 staff at over 44 different schools
  • 0
  • 246