Boston Medical Center (BMC) is a private, not-for-profit, medical center with 581 beds, located in Boston’s historic South End. The medical center is also the primary teaching affiliate for Boston University’s School of Medicine. As the largest “safety net hospital” in New England, BMC’s mission is to provide Exceptional Care Without Exception to every patient. In addition, BMC hosts an electronic medical records (EMR) application for 13 clinically affiliated Community Health Center partners that provide outpatient services. As such, BMC is dedicated to protecting its IT systems and securing its infrastructure to ensure clinicians, key hospital staff, and outpatient partners have consistent, uninterrupted services.
In 2004, BMC experienced severe Blaster and Sasser worm attacks that severely overtaxed all of its IT systems and resources.
“It was a challenging time for us,” recalls Brad Blake, Director of IT for BMC. “The Help Desk received more than 1,000 calls a day. The engineering staff had to work around the clock to mitigate all the issues. In fact, the impact was so severe that we had to pull the majority of our IT resources from other initiatives to resolve it.”
Since so many of BMC’s processes are computerized, network issues can have a rippling effect on the Center’s ability to work as efficiently as possible. “Our staff is always able to provide exceptional care, but if our IT systems were to become compromised, it would impact our ability to work as efficiently as possible, which is very important in these lean times,” says Blake.
Time to take action
The BMC IT team realized the Center’s firewalls were not delivering an adequate level of protection to prevent infections from spreading to endpoint systems. Not only was attack frequency a concern, but the damage these viruses and worm attacks caused to the Center’s desktops required the BMC IT team to spend more time resolving the issues.
“Our systems were so badly compromised that our usual 5-minute procedure for removing the virus and cleaning the system was no longer effective,” explains Blake. “A Field Technician had to spend upwards of 30 - 40 minutes rebuilding each workstation, which added to our remediation costs as well.”
BMC began evaluating multiple technologies, including a competitor’s host intrusion prevention system. “We evaluated McAfee Network Security Platform for about two weeks, and immediately saw the value that this solution brought to the table.”
Before completing its deployment of McAfee Network Security Platform, BMC received 8.4 million denial-of-service (DOS) attacks and 6.5 million buffer overflow attacks daily. By May 2006, McAfee Network Security Platform reduced DOS attacks to zero.
“The McAfee Network Security Platform also helped stop peer-to-peer file sharing and instant messaging programs,” says Blake. “Programs like these circumvent our current security infrastructure, so it is better to block access to them completely.”
"Since our McAfee implementation we have seen a dramatic decline in the amount of virus and spyware in the environment. This has allowed us to provide a more stable and consistent end user experience for our clinicians, partners and key hospital staff."Brad Blake
Director of IT, Boston Medical Center
A painless deployment
“The McAfee Network Security Platform installation was very straightforward,” says Blake. “In fact, we didn’t run into any technical difficulties during the deployment that we couldn’t handle ourselves.”
The IT staff responsible for managing this portion of BMC’s enterprise were impressed with the new user interface, as well as the improved access control features.
“We utilized the access control function to quarantine a host virus that initiates any type of attack recognized through McAfee’s Network Security Platform signatures,” explains Blake. “Now we can identify the infected systems and determine the source of the outbreak in seconds versus an hour, thereby mitigating further outbreaks.”
Integrating perimeter with internal security
Once BMC improved its perimeter security, the next logical step was adopting a complete approach that integrated perimeter security with internal security. The Center evaluated both McAfee ePolicy Orchestrator (ePO) 4.0 and McAfee Total Protection (ToPS) for Endpoint in conjunction with the Network Security Platform.
“The evaluation was a crucial step in moving away from the existing products we were using, and moving towards McAfee to obtain the next level of enterprise security,” Blake recalls. “Once we knew that ePO, ToPS, and Network Security Platform integrated beautifully as an all-in-one solution, we were hooked.”
Better, simplified reporting with ePO
ePO delivers automated intelligent security that enables BMC to make quick and effective decisions.
Version 4.0 also brings improved reporting capabilities that BMC finds easy to use while improving threat protection and compliance management.
“With ePO, it’s extremely easy to create custom reports that identify the infected workstations,” explains Blake. “Now we can group these reports to give us a better understanding of the complexity of each threat. Once you know the type of data you’re seeking, the information is more readily accessible.”
BMC also likes the way that ePO facilitates the enterprise-wide rollout of new anti-virus and anti-spam upgrades to the department’s workstations.
“With our previous solutions, we always struggled during the upgrade process. Every quarter we had to test and deploy two new application upgrades (not just patches) across the entire organization. We also had to manage all the change-control processes we have in place.”
After upgrading the applications, it took BMC’s IT department nearly one month to ensure the environment was updated. As a result, the whole process created an enormous time and resource challenge for the Center.
Within just the first week of application deployment, ToPS detected 95 types of threats not previously detected by the former product installed in BMC’s IT department. “The ease of use and robust functionality of ToPS allows us to manage security as a whole across the enterprise,” says Blake.
Next up: McAfee Host Intrusion Prevention
Now BMC is in the early stages of testing McAfee Host Intrusion Prevention (Host IPS). The Center is conducting a user pilot and developing policies for a complete rollout, which will include 5,000 endpoints. Plans are also in the works to deploy McAfee Network Access Control and McAfee Security for Email Servers.
“Just based on the McAfee VirusScan Enterprise and McAfee AntiSpyware Enterprise deployments alone, we’ve seen a lot of phishing emails going to our users,” Blake says. “So we know that McAfee can help us in a variety of different areas.”