See our SolarStorm response
  • Network Security
  • Cloud Security
  • Security Operations
  • More
  • Get support
  • Sign In
  • Get Started

Virginia Commonwealth University Medical Center

Virginia Commonwealth University Health System Jan 01, 2013 at 12:00 AM

Major Health System Immunizes Itself from Network Threats

BACKGROUND

The Medical College of Virginia Hospitals (MCVH) is the teaching hospital component of the Virginia Commonwealth University Health System (VCUHS). Since 1838, MCVH has been in the forefront of advances in healthcare, providing patients from across Virginia and neighboring states with some of the most progressive treatment and technology available. More than 700 students from around the world pursue their M.D. degree under the tutelage of MCV Hospitals’ renowned faculty. Representing more than 200 specialty areas, including multi-disciplinary centers for cancer, cardiology, neurosurgery and transplantation, the staff of MCV Hospitals includes dozens of physicians who have been recognized as among the best doctors in the country.

PRIMARY INTERNET ARTERY GETTING CLOGGED

Named one of “America’s Best Hospitals” by U.S. News & World Report, VCU Health System employs 7,500 people. Given its large staff and 24x7 operations, VCU Health System’s network typically supports high volumes of users – up to 10,000 daily – and at all hours. The primary, and constant, challenge for the organization’s IT team is to balance its users’ need for open and immediate access to medical and health information and research with meeting compliance requirements to protect data and patient privacy. Deemed by Hospitals & Health Networks magazine as one of the “Most Wired” healthcare institutions in the country, VCU Health System also faced the challenge of managing mounting demands on its Internet bandwidth usage.

The organization’s IT team attributed much of the growing consumption of Internet bandwidth to streaming audio and video that was unrelated to patient care. “Our Internet pipe should be big enough to meet our needs, but it was filling up routinely,” explains Bob DeVoy, Network and Storage Services Manager, VCU Health System. Closely correlated to this fact were growing concerns that users might be introducing security risks via their online activities.

THE (NETWORK) DOCTOR CAN SEE YOU NOW

VCU Health System had Cisco Systems firewall modules deployed to protect it. However, these firewall modules do not afford the visibility into network activity and application access necessary for VCU Health System to identify and monitor risky activities and match them to specific users and/or machines. Thus, DeVoy and his team needed a solution. Websense, an Internet filtering and web security tool, was in use by 500 employees. DeVoy considered expanding its coverage to encompass all of VCU Health System’s network users, but sought a more comprehensive and affordable solution that might also deliver efficiencies in bandwidth consumption.

At the invitation of Palo Alto Networks partner SUN Management, DeVoy attended a seminar to learn about Palo Alto Networks PA-4000 Series next-generation firewall. Impressed, he arranged to evaluate the PA-4000 Series on-site to determine where it could offer improvements in both security and network usage. “Within a couple of hours of running the trial we were able to identify specific desktops running streaming media from YouTube and other programs that pose security risks, and get a sense of the magnitude of the problem,” said DeVoy.

A POLICY FOR A HEALTHIER NETWORK

Convinced of its ability to deliver superior results, DeVoy and his team deployed the PA-4000 Series next-generation firewall. As a result, VCU Health System has enjoyed dramatically increased application visibility and control, reduced threats to its network and decreased its Internet bandwidth consumption. Moreover, the ability to track applications flowing in and out of its network has given VCU Health System the granular information it needs to formulate, and enforce, an acceptable use policy for its users. “We really find the report export capabilities in the latest version of the PA-4000 Series extremely helpful,” said DeVoy. “This is clearly the tool we’re going to use to better manage our Internet and internal bandwidth. Palo Alto Networks does everything that our previous infrastructure did plus a ton more!”

Using the information gleaned from the PA-4000 Series, VCU Health Systems’ security team has put together policies to block access to applications that are not work related, while still allowing its staff the freedom to access files and information that enhance patient care, learning and productivity. “Our job is to minimize risk while maximizing the ability of medical and administrative staffs to get their jobs done as efficiently and effectively as possible,” said Bob DeVoy. “Palo Alto Networks allows us to define and enforce appropriate user policies, so that the business of the hospital always comes first, risk is minimized and our medical professionals retain maximum flexibility.” Based on the impressive performance of the PA-4000 Series, VCU Health System is also interested in the device’s threat prevention capabilities. In fact, it plans to send its security team to an upcoming training session to learn more. “We confident we’ll get even more return as we continue to take advantage of more of the PA-4000 Series’ capabilities in the near future,” added DeVoy.


Related Resources

Article

What is a denial of service attack (DoS) ?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
September 2, 2020

Article

What Is SASE?

Secure access service edge, or SASE (pronounced “sassy”), is an emerging cybersecurity concept. It is the convergence of wide area networking.
September 2, 2020

Article

What is a Zero Trust Architecture

Zero Trust has become one of cybersecurity’s latest buzzwords. It’s imperative to understand what Zero Trust is, as well as what Zero Trust isn’t.
November 11, 2020

White Paper

How SOAR is transforming threat intelligence

This white paper talks about how we need to transform threat intelligence by integrating it into an extensible SOAR platform enabling analysts to take full control over their threat intelligence combined with the power of proven SOAR capabilities.
March 30, 2020

Article

What Is a Site-to-Site VPN?

A site-to-site virtual private network (VPN) is a connection between two or more networks, such as a corporate network and a branch office network.
September 2, 2020

Article

What is an Endpoint?

An endpoint is a remote computing device that communicates back and forth with a network to which it is connected.
November 10, 2020

Be the first to know.

As a member you’ll get exclusive invites to events, Unit 42 threat alerts and cybersecurity tips delivered to your inbox.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Subscription Reward

Popular Resources

  • Blog
  • Communities
  • Content Library
  • Cyberpedia
  • Event Center
  • Investors
  • Tech Docs
  • Unit 42
  • Sitemap

Legal Notices

  • Privacy
  • Trust Center
  • Terms of Use
  • Documents

Popular Links

  • About Us
  • Careers
  • Contact Us
  • Manage Email Preferences
Report a Vulnerability
  • USA (ENGLISH)
  • AUSTRALIA (ENGLISH)
  • BRAZIL (PORTUGUÉS)
  • CANADA (ENGLISH)
  • CHINA (简体中文)
  • FRANCE (FRANÇAIS)
  • GERMANY (DEUTSCH)
  • INDIA (ENGLISH)
  • ITALY (ITALIANO)
  • JAPAN (日本語)
  • KOREA (한국어)
  • LATIN AMERICA (ESPAÑOL)
  • MEXICO (ESPAÑOL)
  • SINGAPORE (ENGLISH)
  • SPAIN (ESPAÑOL)
  • TAIWAN (繁體中文)
  • UK (ENGLISH)
  • Facebook
  • Linkedin
  • Twitter
  • Youtube
Create an account or login

© 2021 Palo Alto Networks, Inc. All rights reserved.