Miami hospital tightens security before records revamp

Miami Children's Hospital is replacing its older network and clinical applications with a modern electronic medical record system to give medical staff faster and more unified access to patient information, a major step toward a paperless work environment.

The Florida-based hospital, specializing in pediatric healthcare, anticipates fully rolling out a Cerner-based electronic medical record system next year that will include a computerized physician order-entry and picture-archiving communications system. And as the project proceeds, Miami Children's Hospital is upgrading its Cisco network for added capacity and for security purposes, and expanding use of a ForeScout CounterAct network-based access control system.

BACKGROUND: ForeScout CounterAct focuses on network visibility

"We need larger pipes to transfer data," says Information Technology Security Officer Alex Naveira, noting that older Cisco switches are being swapped out for 6500s in the closets and Nexus switches on the ports for users.

The ForeScout CounterAct appliance, which is being used to control access to resources in the network and to prevent malware, integrates well into the Cisco switching and LDAP-based authentication environment, Naveira says.

CounterAct is looking at the policy-based behavior and the compliance of each machine, also scanning to see what services are running. The hospital policy calls for locking down C drives to prevent writing any sensitive data to them. Patient healthcare information must "only be accessed by people authorized for it," Naveira says.

If a user's computer has out-of-date antivirus technology, a policy violation, CounterAct will send a proactive alert to IT engineers. The security appliance can also detect when virtual-machine (VM) servers the hospital has deployed aren't running antivirus software at all. "The VM administrator admitted he forgot the A/V," says Naveira.

CounterAct can be set up to automatically switch a noncompliant machine into a specialized VLAN for remediation, but that feature isn't yet in use at the hospital. There's also cause to want to isolate medical imaging equipment for security and network performance purposes, and the hospital is doing that with specialized VLANs.

The hospital is also using CounterAct to accommodate visitors who want to use computers there by shunting them over to a default VLAN with Internet access, but no access to the electronic medical records system.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!

Error: Please check your email address.

Tags securityCisco networkhealth careMiami Children's Hospitalindustry verticalsCerner

More about CernerCiscoetworkLANTechnology

Show Comments
[]