BT and its partners are helping a leading Northern Ireland healthcare trust to manage the increasingly complex issue of cyber security – now and in the future - for a network that each day handles 25,000 devices, a volume which is set to grow rapidly.
Healthcare is a sector with growing vulnerability to cyber-attacks. Health trusts hold huge amounts of complex data and the volume of devices connected to their networks is rising daily, including increasing numbers of third-party devices.
The Northern Health and Social Care Trust (NHSCT) delivers health and social care services to about 470,000 people across a large portion of Northern Ireland. The task of making its IT network secure falls to Gary Campbell and Michael Dillon.
As Gary explains, threats today can come from state-sponsored attacks as much as they do from cyber criminals.
“Everything from diagnostic equipment such as MRI scanners to mobile devices are connected to the network,” he says. “And hospitals are very public places.”
Third party devices were particularly vulnerable and initially had to be tracked with a spreadsheet. Previously some medical devices were using out-of-date operating software that could no longer be patched.
“We could see the problem coming,” Gary adds. “Standard antivirus software wasn’t enough and we recognised we needed to look at this in much greater depth.”
According to Michael, the first challenge was to find out exactly what was connecting with the network.
“There was so much that wasn’t visible to us. We needed to see what was out there and secure it before it connected with the network and became a potential threat,” he says.
BT, who had been working with the Trust for some time, were able to find software partners to deal with the myriad security challenges.
The first of these was Forescout, a solution that can see, categorise and then install security on every device that touches a network.
Then, more recently BT proposed Tenable, a software solution that can provide highly accurate information about all the trust’s devices, quickly identifying vulnerabilities and misconfigurations and creating actionable dashboards that predict priorities for intervention.
A further step forward was when one of BT’s engineers came on board to help implement Cisco’s Identity Services Engine (ISE) to manage the problem of providing secure access to trusted users and endpoints. That’s a fast-growing issue as the result of cloud migration, greater mobility and the proliferation of devices that make up the Internet of Things (IoT). Cisco ISE enables the trust to authenticate devices and ensure their compliance, wherever they are.
Michael says: “We already had all the information we needed from Forescout to tell us what the devices were. It meant we could take all that data and begin to deploy Cisco ISE and by working with the BT engineer we were able to achieve that in six months.
“Today we can see what’s out there. We have a way to detect when anything connects to the network, we can give it an IP address and, as we learn more about each device, we can tighten the controls we have around them. Netflow analysis shows us the conversations between all devices and the trust is able to record each of those conversations.”
Michael and Gary say they now feel reassured by the level of security they are able to provide to the network.
The challenges they faced were considerable, with the number of devices growing by 100 percent in a decade, to some 25,000 in use today. In the next one to two years, they expect an increase of between 1,000 and 3,000 mobile devices which will all be connecting with the network at some point in time.
Michael Dillon says: “We’re using Tenable to test all the time. If Forescout sees something and Tenable doesn’t, it will tell Tenable to go scan it. We want to ensure we catch everything, so nothing can come at us out of the blue.
“If there was another outbreak, we’d like to think it wouldn’t be anywhere near as bad as the WannaCry ransomware attack of 2017 which impacted some hospitals in England in a couple of hours. I’d really believe we wouldn’t face the same issues that arose then.”
Gary is delighted that their work has paid off and that they come out of the IT security audits successfully. Michael adds: “We can’t take all the glory for this by any means. Our data centre and ICT Operations teams are doing a fantastic job.”
The blueprint for a more secure network, is being used elsewhere and BT’s partnership with Forescout has seen their security solution introduced regionally.
As the trust searches for ever-stronger security, they are working with BT to look at new products coming out from Cisco and are assessing Software-Denied Access as a way forward to deliver policy-based automation to the whole process of onboarding and managing device security.