Hospital systems depend more and more on technology as they build more of their infrastructure upon it. As a result, patient care, research, billing and other divisions within a delicate hospital ecosystem are further exposed to external threats and cyber attacks. This puts at risk not just data and network security, but the lives of patients themselves.
With more than 10,000 employees and more than 1.5 million outpatient visits annually, this health system has a lot to protect. Like other large legacy institutions exposing a large address space in Border Gateway Protocol (BGP), the health system was consistently seeing 3M events on their firewall every hour, and upwards of 63M events total, every day.
Solution
The health system worked with Centripetal to methodically implement a proactive solution, CleanINTERNET. The solution, a comprehensive service, proactively shields their network and enables a diverse environment of doctors, patients, researchers, staff and medical equipment to simultaneously receive a high level of protection and still work effectively.
Results
On the first full day of shielding in a process sequence to achieve an optimal state, only 402,000 blocks were seen the entire day. Then, after an additional round of feeds was added, only 213,000 blocks were seen in an entire day.
The health system measures the outside-in blocks that their firewall records to the SIEM, which is important because SIEM storage is traditionally expensive. With a typical firewall block message size of 2 KB, they went from storing 5.7 GB per hour to 11.7 MB per hour, significantly lowering their costs.
After two months and only a few rounds of shielding of high-confidence threats, there were zero reports of disruptions to the network related to the implementation of the CleanINTERNET service.
“We’ve gone from 3M blocks an hour, to 20,000 an hour, to 6,000 an hour. What we will now record in SIEM for Outside-In blocks over three weeks is what we used to record to SIEM in one hour.”