Concerned that patients and clinicians could be unwittingly exposing NSW private health provider Mater Health to malware, IT security manager Peter Param decided that its broadband network needed monitoring.
Speaking at Pulse 2012 in Sydney, Param told delegates that it does intend the monitoring to be for nefarious “Big Brother” uses, but to cut down activity on its network which could be classed as malicious and dangerous for the provider.
“We faced a number of challenges including the risk of malware, which [clinical] applications were being used, how much bandwidth is being used by the applications and who is using the applications,” he said.
Approximately 600 users have access to the Mater Health Services network. Patients can access the interenet via a Wi-Fi hotspot. Having worked with IBM before, Param selected the vendor's information security directory integrator (ISDI) to identity users and their traffic profile.
“We can recognise clinicians because they are required to log in with their full name but in the Wi-Fi hotspot, patients are identified by their wrist band number which they must type in to access the hotspot,” Param said.
As a result, Param has seen some interesting broadband usage. For example, clinicians are accessing work/business related content while pre-operation patients were most likely to access Facebook and YouTube.
“We’ve also detected PoisonIvy malware coming through one of the clinician workstations which is interesting because it’s a backdoor type of malware,” he said.
Param added that the next step in the project is to analyse individual data flows and export data to its QRadar security intelligence platform.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU