Multi-Tenant Network Access Control (NAC) Enables Security & Compliance across Healthcare Leader’s Networks
A regional healthcare provider group operates 21 hospitals and nursing homes, with more than 8,000 beds and 14,000 employees, serving 250,000 patients annually. Known for pioneering new technology to advance clinical care and enhance patient comfort, the group has implemented an innovative solution from Auconet for multi-tenant IT network infrastructure control, protection, and security compliance.
In the rapidly changing landscape of medical technology, a multi-hospital chain needs to protect all its networks and patient data, yet allow test instruments and life-saving devices to access the appropriate parts of its networks to do their jobs.
The group had insufficient access control over its combined networks of roughly 50,000 switch ports and 23,000 endpoints. A security audit had highlighted this vulnerability. Lack of a current inventory and view of all IT assets made the diagnosis and locating of equipment faults a manual process, marked by guesswork and inefficiency.
The healthcare provider depends on network heterogeneity every day. The in-house IT group connects medical and computing devices, from a broad set of hardware vendors, to the network. The group defined its need for a robust, vendor-independent security solution to automate Network Access Control (NAC) for new endpoints, and replace its manual database of IT assets.
The in-house network management team studied the available options for both network port security and access control. Their goal was to find a solution that could cover both and could also profile diverse endpoints over multiple networks. Ease of installation, the ability to oversee multiple networks, and security features to block network access by guests (patient and visitor) or unauthorized users were also must-have criteria. In addition, they sought 802.1X security capability for future deployment.
The IT team found that Auconet Business Infrastructure Control Solution (BICS) met all these criteria, supports multi-tenancy, can interface with the group’s SAP database, and persistently monitors all IT infrastructure.
The pilot program began with two hospitals located in nearby cities. The primary BICS appliance was installed in a data center at company headquarters. A backup BICS appliance was installed at a remote data center 125 miles away.
One staff technician was able to complete the simple installation process, placing the BICS appliance at headquarters, where it tracks both the MAC address and IP address of each device and endpoint, on all the group’s networks, along with their physical locations.
BICS also provides real-time updates to the SAP asset management database, enabling a current view of all the hospital networks.
The group has progressed to a full multi-tenant environment. Each hospital and facility in the group now has a full, real-time view of its own network with security, control, and management over every port and endpoint, while headquarters oversees all the networks from a “single pane of glass.” This provides an efficient balance between centralized responsibility for the network and site-by-site operational control.
Now, every IT asset and medical device in each hospital’s inventory is tagged and its profile maintained in the BICS virtual CMDB. BICS also helps with internal accounting, detecting and charging for the usage of each port to the appropriate business unit.