Field report

Health system's IT upgrades improve network security

St. Dominic-Jackson Memorial Hospital upgrades network to manage 15,000 connected devices
|

St. Dominic’s is able to segment its wired traffic using ClearPass after completing a network upgrade.

Image courtesy of Aruba, a Hewlett Packard Enterprise

St. Dominic-Jackson (Miss.) Memorial Hospital is a 571-bed acute care hospital, and its campus comprises 12 buildings and 35 associated clinics. With more than 3,000 nurses, doctors and caregivers working at the campus, the hospital’s small information technology (IT) team needed a way to securely manage the nearly 15,000 mobile and “internet of things” devices used on-site. 

The health care provider had previously worked with Aruba, a Hewlett Packard Enterprise company, to deploy Aruba access points and mobility controllers, as well as the company’s ClearPass Policy Manager and AirWave network management, but continued utilizing switching infrastructure from another IT provider. However, St. Dominic’s IT team determined that it needed to address key concerns of its switching infrastructure moving forward, including visibility of devices on the network and the mitigation of security threats.

“It was important for us to ensure a smooth integration of new equipment into the existing network infrastructure to minimize disruption, simplify management of the network and keep costs low,” says Murray Farrar, infrastructure architect for St. Dominic’s. “We’ve had a great experience with our Aruba wireless, AirWave and ClearPass solutions, and felt that Aruba could deliver a complete package, from wireless to switching to security, and enable seamless integration between all the elements.”

The hospital evaluated solutions from three separate providers, including Aruba, to better address the full range of its wireless, switching and security needs. After its evaluations, St. Dominic’s chose to standardize its wired and wireless network with Aruba and deployed additional Aruba access points, including new Wi-Fi Certified 6 access points, Aruba access switches at the edge, and IntroSpect, to integrate with the organization’s existing ClearPass solution, bringing increased visibility and security into the network. St. Dominic’s also completed a proof of concept with the Aruba 8320 Series core and aggregation switches, and plans to replace its existing core switches with the Aruba gear. 

With the wireless network becoming increasingly critical for both internal operations, as well as patients and guests, the IT team had deployed ClearPass to segment and manage the traffic. With the new Aruba switches in place, the IT team plans to leverage ClearPass to segment its wired traffic as well. 

The integration between ClearPass and IntroSpect was crucial for St. Dominic’s as it grapples with more internet of things devices such as IV pumps, heart monitors and other medical equipment on its network, and the need to ensure that these devices won’t compromise security. 

“IntroSpect gives us a more complete picture because it’s looking at all the traffic,” says Matt Smith, security architect for St. Dominic’s. “We’re able to gain visibility into the behavior of devices on the network and — via the tight integration with ClearPass — take immediate action, such as quarantining or removing questionable devices from the network. IntroSpect is helpful not just for security purposes, but also to resolve non-security-
related problems such as applications that are being dropped at a particular firewall or server, or conversations that are being dropped by a specific workstation.”

Smith notes that St. Dominic’s uses a secure messaging app called Cureatr for communications among nurses, doctors and other staff. With IntroSpect, the hospital can easily view and quantify usage of the application, including number of users and most popular times of day for usage, allowing the IT team to adjust downtime and maintenance around these parameters and minimize interruptions.

“More importantly, IntroSpect has improved our ability to view, respond and resolve security events, and has reduced response times from days down to minutes,” Smith says. “We’ve experienced an order of magnitude improvement. Where, previously, half a dozen people might spend a day working on a security event, we can now make a determination in less than five minutes that makes our organization safer.”

As Smith looks ahead, he foresees a continued increase in internet of things devices and new applications on the hospital’s network.

Related Articles