Preventive measures at FirstHealth

Centralized security management heals problems and saves money.

All-Star category: Security

FirstHealth of the Carolinas believes in preventive medicine, an attitude that extends to its corporate network health.

In a little more than a year, the company went from a reactive security posture that relied solely on antivirus, firewalls and VPNs to an active security infrastructure based on state-of-the-art tools working in concert and controlled by a centralized security-management application.

For this aggressive yet studied approach to security - and especially its management - FirstHealth earns a 2006 Enterprise All-Star Award. Faced with an increasing number of zero-day attacks, this private, not-for-profit healthcare network serving 15 counties in the mid-Carolinas realized its old security setup wasn't working anymore.

"Antivirus vendors couldn't get security patches out quick enough. Sometimes attacks were going around the world in less than two hours," says Jonathan Campbell, technology director at FirstHealth, in Pinehurst, N.C.

With Health Insurance Portability and Accountability Act (HIPAA) security requirements mandating the confidentiality, integrity and availability of hospital data, the problem became clear. "We needed a better way," Campbell says.

In January 2005, the group decided to implement a variety of tools intended to secure the network from host to perimeter. These included Cisco host-based intrusion-detection and -prevention sensors, as well as new wireless security and monitoring systems and Websense for Internet filtering. The key, Campbell says, was ensuring that every new security piece could be managed from a single, centralized application - Network Intelligence's Envision.

Proactive by design

Envision receives and correlates alerts on such issues as workstation lockouts, network configuration changes and firewall- breach attempts. "We wanted to make sure we correlated everything and got the right information to the right people - and that's where Envision comes in," Campbell says. "We can see it all from one application, and we can push out from that engine correlated alerts via pages and e-mails. And now we can react to them pretty quickly."

He found out just how quickly in August 2005, when the security project was half finished and the Zotob worm took aim at the FirstHealth network. While such a situation previously would have left Campbell dealing with network outages, this time around he didn't have to do anything. The Cisco host-based sensors blocked the worm and prevented the attack, he says.

"Before this implementation, we could only be reactive to a wireless security breach. Now . . . we can actually get pages on breach attempts and view . . . the physical location of the breach."

- jonathan campbell, technology director, firsthealth of the carolinas

Integrating wireless security information from Cisco's Access Control Servers and Wireless LAN Solutions Engine (WLSE) also has been essential, Campbell says. "Before this implementation, we could only be reactive to a wireless security breach," he says. "Now [with Envision] we can actually get pages on breach attempts, and with the Location Manager in WLSE, we can actually view the physical location of the breach. We can stop breaches before they occur instead of reacting to the breaches after they occur."

Because FirstHealth mandated new security initiatives that can be managed centrally and cohesively, the healthcare group no longer is at the mercy of zero-day attacks. Although the cost of the project totaled $240,000, Campbell figures that in the first year the company will save $250,000, solely from reduced network downtime.

"We started all this because of HIPAA, but as we got into it and started seeing things happen, we actually saw a bigger payback than what we were originally thinking [because of the centralized control]. The security components act as one cohesive unit, not a large number of individual components," Campbell says. "That's the key."

Cummings is a freelance writer in North Andover, Mass. She can be reached at

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.