Bradford Networks’ Network Sentry Ensures Secure Network Access at the Medical University of South Carolina

Network Access Control Software Protects Patient Information and Secures the Network

A unique combination of hospital, academic institution and research center, the Medical University of South Carolina (MUSC) understands the importance of Network Access Control (NAC). With 15,500 students and employees requiring secure access in more than 100 buildings across a 26-acre campus, it was critical that MUSC know who and what was connecting to the network at all times.

Highlights

Network Profile:

  • Wired and wireless access across a 26-acre campus with more than 100 buildings and 30 WAN sites; 15,500 students and employees

Challenges:

  • Automate network security to ensure that only authorized users access the network and that all endpoint devices comply with policies
  • Implement NAC yet ensure high availability for registered users and devices in critical clinical areas
  • Ensure compliance with HIPAA, JCAHO and PCI mandates

Results:

  • Automatically identifies users and devices accessing the network, and ensures compliance
  • Automatically registers devices, including infrastructure equipment and medical devices that are normally difficult to register
  • Fewer personnel needed to resolve issues
  • Ensures compliance with HIPAA, JCAHO and PCI mandates

Case Study

With unrestricted access threatening network security and compliance, MUSC had been evaluating NAC solutions for some time. The IT team determined they needed a scalable, flexible solution that would be unobtrusive to users. “We needed to balance high availability with minimal end-user impact. Ensuring excellent patient care is paramount, and disrupting the use of any medical device could be problematic,” explains Michael Haschker, network systems team lead at MUSC.

In addition to common devices such as laptops, iPads and smartphones, MUSC requires network connectivity for medical devices, such as IV pumps, which are moved from room to room across the 700-bed facility yet must be connected to the appropriate VLAN at each location.

“We wanted a solution that could integrate into our environment without requiring reconfiguration or upgrades,” says Patrick Lazorchak, MUSC network engineer. “It needed to be compatible with our existing multivendor technology so that we would have the flexibility to deploy whatever infrastructure components work best.”

MUSC evaluated a number of products, but a pilot of Network Sentry from Bradford Networks convinced them that it was the best choice for their environment.

Bradford Networks’ Network Sentry the Clear Choice

With Network Sentry, MUSC has a better understanding of who is connected to their network, and can restrict access to authorized users. Network Sentry has also minimized the time and effort required to identify users and devices, so fewer personnel are needed to resolve issues. “With Network Sentry, tasks that used to require six staff members now can be completed by two,” says Michael.

MUSC also relies on Network Sentry to identify devices and automate registration, including thousands of managed machines and headless devices—printers, IP cameras, and medical devices—that lack a user interface and are challenging to register. “For years we had a problem ensuring appropriate access for portable EEG machines,” Michael explains. “Now with Network Sentry, when an EEG machine is plugged in, it is automatically assigned to the right VLAN no matter what port it’s in.”

Network Sentry Provides Valuable Insight, Ensures Policy Enforcement

MUSC credits Network Sentry with providing valuable insight into the software installed on each device and helping enforce endpoint policy. “It allows us to generate reports that highlight our vulnerabilities,” Patrick says. “We learn where our risks lie, how serious they are, and what the most effective resolution would be.”

Network Sentry also provides feedback to users. If a device is out of compliance, it’s moved to an isolation network, and the user is notified as to why access was limited and how to correct the problem. “In the past, identifying a non-compliant device would force us to shut down all related switches manually,” Patrick adds. “Rather than brute force, Network Sentry allows both staff and users to address problems quickly and easily.”

Increases In Security, Compliance

Network Sentry has helped MUSC meet critical HIPAA, JCAHO and PCI compliance requirements. “Before Network Sentry, we didn’t know about many of the credit-card readers that were transmitting data over our network,” says Michael. “Network Sentry allowed us to create a policy to ensure we were meeting compliance requirements.”