
Children's National Medical Centre uses virtualisation to counter cyber threats
Hospital deploys Citrix virtual technology to fend off webmail attacks

Digital transformation is underway in many industries, not least the healthcare sector which seeks to deliver better care through the use of digital services.
However, there are security implications as digital and connected services are more vulnerable to cyber attack.
A good example of this is the Children’s National Medical Centre in Washington DC, a paediatric hospital that is 100 per cent digital, according to Chad Wilson, the centre's director of information security.
In practical terms this means that all of the organisation's medical records are digitalised and paper records are kept only as a backup. The hospital makes comprehensive use of Citrix’s virtualisation services and products to enable access to data through virtual apps and desktops delivered to mobile devices and external computers.
This connected digital technology has freed up 30 minutes a day for all of the hospital’s nurses, Wilson claimed, giving them more time to deliver paediatric care.
But these benefits bring their own challenges, and Wilson had to beef up the hospital's cyber security.
“It’s kind of a unique challenge that all of our medical records are digital and we have to protect them, but at the same time we have to interoperate,” he said during a security panel discussion at Citrix's Synergy conference in Las Vegas.
The organisation's approach has been to try to future-proof its digital environment.
“We wanted to look at this from a holistic view and put together a security plan that identifies the various threat vectors, especially with the landscape changing where it’s really about people being attacked.
“It’s not necessarily about computers getting attacked, [hackers] are attacking the people so they can get after the data. So our security programme had to evolve to be really be people and information-centric, as opposed to [addressing] individual threats [such as] a piece of malware here and a piece of malware there.”
The hospital had this brought sharply into focus after a phishing attack that affected 18,000 children. Wilson did not go into details, but it was undoubtedly a serious incident.
Hackers got into the hospital’s webmail, which can be accessed remotely by staff as part of the organisation’s mobility strategy.
“Securing webmail is vitally important in that kill chain for cyber attacks once the bad guy gets [email] credentials. We found through that incident that bad guys get into the email within a few minutes to an hour,” he said.
This required Wilson and his team to look at how they deliver this remote access to webmail. The solution was to put the email client behind Citrix’s NetScaler, a web application delivery controller that supports virtual apps. This effectively virtualises access to the webmail and adds an extra layer of security making it very difficult to attack.
The use of virtual controllers, apps and desktops means in a lot of cases that data does not leave the data centre or server on which it is located, making it very challenging to access and steal.
“We put our webmail behind our NetScaler tied in with multi-factor authentication, and that instantly shut the front door to the bad guys,” said Wilson.
Such attacks and the threat of cyber crime could put companies off fully digitalising their data and leaning heavily on digital services.
But the Children’s National Medical Centre's savvy response to the email attack is an example of how digital transformation can be used to solve the problems it sometimes raises.
This, in turn, shows that organisations cannot ignore the potential of digital to transform IT and deliver tangible benefits to the business.
V3 Latest
AMD slams Nvidia for trying to impose 'gamer tax' on PC buyers
But doesn't mention Nvidia by name...
NHS criticised by Public Accounts Committee for learning nothing from WannaCry and NotPetya
PAC slams lackadaisical NHS security as IT security measures are ignored
Cloud costs are accelerating: here's how to keep them under control
Visibility, automation and accountability are essential
Machine learning technique developed that can detect people's faces in the dark
Developed to enhance real-time biometrics for US Army's night-time operations