Intrusion Detection Trumps Prevention for Healthcare Computer Networks

Many health-care organizations are going beyond firewall and intrusion-detection technologies and counting on intrusion-prevention products to safeguard their systems.

"As a health-care provider, we've increased our security, we have a much better capability to reject worms, viruses that a firewall wouldn't be able to prevent," says Randle Moore, chief information security officer at University of Texas Health Science Center at Houston, which runs the IT systems for about 10 ambulatory-care clinics in Texas, as well as computers used by university researchers involved in projects such as clinical trials.

In a health-care environment, potent viruses can inflict tremendous havoc--not just the kind of viruses that make patients sick, but computer viruses that can cripple electronic medical-record and other patient-information systems.

If doctors are unable to access electronic patient records or digital images such as X-rays when treating a patient because of a system crash caused by a worm, virus, or denial-of-service attack, care can be greatly compromised. On top of that, the Health Insurance Portability and Accountability Act requires the protection of patient information.

About two years ago, Moore's organization deployed UnityOne intrusion-protection systems from TippingPoint Technologies Inc. Within a month, when the Sobig.F virus spread through the Houston region for several days, the system blocked more than 1.2 million infected E-mails an hour from entering the university health-science center's systems, Moore says. However, among Sobig.F's victims were parts of the University of Texas that hadn't deployed the intrusion-prevention product, he says.

Since then, the TippingPoint system has blocked millions more potentially dangerous intrusions from entering the health-science center's network. "Our doctors can't be blocked from getting to the clinical information that they need," Moore says.

Traditionally, universities have been more vulnerable to viruses and other security problems than commercial companies, says Andy Salo, TippingPoint's director of product management. They have large populations of student users and systems that can log on to their networks yet aren't under the control of IT organizations, he says.

That also makes teaching medical centers whose systems are connected to university networks potentially more vulnerable to intrusions like viruses, he says.

TippingPoint in October will begin shipping to customers in all industries the UnityOne-100E intrusion-protection system, which includes advanced denial-of-service protection and performs at 100 Mbps.
