Customer Solution Case Study
Academic Medical Center Increases Network Security, Reduces Downtime
Overview
Country or Region: United States
Industry: Healthcare
Customer Profile
Wake Forest University Baptist Medical Center, a leading academic medical center based in Winston-Salem, North Carolina, provides information centers, outpatient services, and nearly 1,300 beds.
Business Situation
The medical center’s fully computerized environment required a high level of security and stability, yet was slowed dramatically by virus attacks.
Solution
By deploying Microsoft® Windows® XP Service Pack 2, the center gained an automatic firewall to protect computers on and off the network, and a way to isolate the network in the event of a virus threat.
Benefits
n Federal security rule compliance
n Increased network security
n Improved network manageability / “The security features in Windows XP Service Pack 2 will allow employees to focus more on meeting patient care, education, and research missions, andless on fighting viruses and worms.”
Brian Uzwiak, Network Technology Services Manager, Wake Forest University Baptist Medical Center
Wake Forest University Baptist Medical Center is one of the leading academic medical centers in the United States. It uses networking, personal computer, and mobile technologies extensively to access electronic medical records, computerized physician order entry, and online curriculum. Its staff and student population uses more than 11,500 computers, 15 percent of which are mobile. In 2003, a series of virus attacks cost the center tens of thousands of hours in lost productivity in a single month. In response to that, and to comply with new regulations protecting patient information, the center is deploying a security solution that includes Microsoft® Windows® XP Service Pack 2. The service pack’s easily configurable automatic firewall helps protect computers both on and off the network, and works with the center’s update management system to help prevent future virus attacks.
Situation
Wake Forest University Baptist Medical Center, a partnership between Wake Forest University Health Sciences and North Carolina Baptist Hospital, is one of the preeminent academic medical centers in theUnited States. The center consistently wins awards for excellence, including being ranked among the top 50 hospitals in the United States by U.S. News and World Report. Although its main facilities and campus are located in Winston-Salem, the center’s staff and student population of 11,000 work in locations across the state of North Carolina and in southwestern Virginia. The center generates approximately U.S.$1 billion in revenue annually.
Wake Forest Baptist also is one of the nation’s most technologically advanced healthcare providers. The center’s clinical equipment is linked directly to a fully electronic medical record system that uses computerized physician order entry for drug prescriptions, a practice widely regarded in the industry as essential to reducing medical errors. The academic side of the center uses an online curriculum. Each student receives a portable computer to use in the classroom, plus a handheld computer to use during clinical work to track patient encounters. In all, the center’s network supports more than 11,500 computers in a variety of settings.
Security Concerns
Both the medical center’s computer environment and the healthcare industry as a whole have a variety of security concerns. The confidentiality and safety of medical information is critical, especially in light of the recent addition of new security rules to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA). The rulesrequire that patient health information be safeguarded in a number of ways, including secure electronic transmission. A violation of HIPAA could result in fines, lawsuits, and negative publicity for the center.
The large number of portable computers used by students, faculty, and staff presented another security challenge for the medical center. When a mobile computer is on the campus network, it is protected by the network’s firewalls and automated update management system. However, when these devices were connected to networks off campus, they were not necessarily getting the updates and were left open to viruses. “The users would pick up viruses at other locations, bring their portable computers back to our system, connect to the academic medical center network, and start spreading viruses around campus,” says Brian Uzwiak, Network Technology Services Manager for Wake Forest University Baptist Medical Center.
Because the medical center network wasn’t adequately protected, it experienced a number of viral assaults, including attacks by the Slammer, Blaster, and Welchia viruses. In August 2003, the network was attacked repeatedly, flooded with spurious traffic that caused slowdowns and sporadic disruptions in service. The center estimates that the outbreaks cost 100,000 hours of lost productivity across the campus in that month alone. The biggest concern for the organization was access to patient records and treatment information—because without that data, treating patients was difficult or impossible. “We have a fully computerized electronic medical record where you are using computerized physician order entry in our clinical areas,” says Uzwiak. “If the network doesn’t work, it’s a big deal.”
First Step to Resolution
The medical center began a program to tighten its security. One of the first phases was upgrading its computers to the Microsoft® Windows® XP Professional operating system from the Windows 2000 Professional and Windows NT® Workstation operating systems. The increased stability and security offered by Windows XP Professional formed the base for the newsecurity initiative, but the high number of portable computers frequently connecting to the center’s network created a need for additional security methods.
Wake Forest Baptist needed a system that could protect the computers on and off the network, and also be compatible with the specialized programs that the center uses. Any new solution would have to be configured to work with the other programs without negatively affecting the center’s productivity.
Solution
Wake Forest University Baptist Medical Center chose to deploy Microsoft Windows XP Service Pack 2 for its manageability and security enhancements. While other solutions were beyond the center’s budget, the service pack is a free update to Windows XP Professional. “Microsoft has provided this functionality as part of the operating system,” says Uzwiak. “We’re able to deploy this functionality without any additional software acquisition expense, whereas with the alternatives we would have had to pay $500,000 to $1 million to deploy enterprisewide.”
Wake Forest Baptist began the Windows XP Service Pack 2 deployment process by thoroughly testing the update against the many programs that the center has in place for both its clinical and academic settings. The center conducted two months of extensive tests against more than 50 mission-critical enterprise applications. Additionally, it completed a three-month pilot of Windows XP Service Pack 2 with key users in departments throughout the center to determine compatibility with local applications.
Microsoft Services sent Senior Consultant Chris Bush to work with the center’s network group to evaluate any possible application conflicts and verify the Group Policy settings that the center had set up. “The consultant validated what we had done,” says Uzwiak. “This was an important role, because we felt like we needed that validation or audit before moving forward with the actual deployment.”
The consultant and the network group set up and verified the Group Policy settings for the medical center. Of special concern were the mobile computers that were taken from the campus setting and connected to unknown networks. The group established Group Policy settings to configure Windows Firewall based on the network connection. When the computers are on the campus network, exceptions can be made to the firewall. When the computers are taken off campus, the installed Group Policy settings restrict the firewall exceptions to almost none, thereby protecting the computer from potential attack.
After completing the Service Pack 2 configuration, the group began installation by using Microsoft Systems Management Server 2003, part of Microsoft Windows Server SystemTM integrated server software. The deployment to all the medical center’s computers running Windows XP Professional is expected to take three months to complete.
Benefits
Windows XP Service Pack 2 is helping Wake Forest University Baptist Medical Center improve security policies and systems as it works to meet HIPAA requirements and make the network more secure and manageable. “The security features in Windows XP Service Pack 2 will allow employees to focus more onmeeting patient care, education, and research missions, and less on fighting viruses and worms,” says Uzwiak.
HIPAA Security Compliance
Implementing Windows XP Service Pack 2 isone of the many steps that Wake Forest Baptist is taking to meet the new HIPAA requirements for protecting electronic information. Windows Firewall assisted the center in meeting these requirements by helping block attacks on the network that could render sensitive information vulnerable.
Increased Security and Manageability
In addition to security and management issues stemming from the medical center network’s overall size and complexity, the organization has a high number of mobile devices connecting to the network on a regular basis and causing further security concerns. Windows Firewall works to protect the computers and the network from attack by helping block viruses from gaining entry, even if security updates have not been installed. “Although we have an automated update management solution in place, using Systems Management Server 2003 to deploy updates while users are on campus,” says Uzwiak, “when they’re not here, they’re not necessarily getting the updates. The firewall helps protect computers when the users are not here, even without the updates.”
Windows XP Service Pack 2 also provides easy configuration management through Group Policy support. If additional exceptions need to be added or denied, network administrators can manage Windows Firewall through Group Policy. This benefits the overall security, because it allows administrators to lock down systems whileremedies are found for an exposed vulnerability. Prior to the deployment of Windows XP Service Pack 2, it took a week after the announcement of a new security update for the center to protect its systems by testing and deploying the update. With Windows XP Service Pack 2, if Windows Firewall isn’t already configured to protect against the exploitation of the vulnerability, the center’s administrators can make a Group Policy change and have the systems protected in 20 minutes.
“If there is a known security issue, but there isn’t a security update out yet or we haven’t been able to properly test the update or deploy it, we can go immediately to Group Policy, change settings across the board, and block whatever ports need to be blocked,” says Uzwiak.
Microsoft Windows XP Professional
Microsoft Windows XP Professional gives you the freedom to do what you want at home and at work—simply, reliably, and securely.
For more information about Windows XP Professional, go to:
www.microsoft.com/windowsxp/pro