Add to collection(s) Add to saved
  1. Science
  2. Health Science

Academic Medical Center Increases Network

Microsoft Windows XP Professional
Customer Solution Case Study
Academic Medical Center Increases Network
Security, Reduces Downtime
Overview
Country or Region: United States
Industry: Healthcare
Customer Profile
Wake Forest University Baptist Medical
Center, a leading academic medical center
based in Winston-Salem, North Carolina,
provides information centers, outpatient
services, and nearly 1,300 beds.
Business Situation
The medical center’s fully computerized
environment required a high level of
security and stability, yet was slowed
dramatically by virus attacks.
Solution
By deploying Microsoft® Windows® XP
Service Pack 2, the center gained an
automatic firewall to protect computers on
and off the network, and a way to isolate
the network in the event of a virus threat.
Benefits
 Federal security rule compliance
 Increased network security
 Improved network manageability
“The security features in Windows XP Service Pack 2
will allow employees to focus more on meeting patient
care, education, and research missions, and less on
fighting viruses and worms.”
Brian Uzwiak, Network Technology Services Manager, Wake Forest University Baptist Medical Center
Wake Forest University Baptist Medical Center is one of the leading
academic medical centers in the United States. It uses networking,
personal computer, and mobile technologies extensively to access
electronic medical records, computerized physician order entry, and
online curriculum. Its staff and student population uses more than
11,500 computers, 15 percent of which are mobile. In 2003, a
series of virus attacks cost the center tens of thousands of hours in
lost productivity in a single month. In response to that, and to
comply with new regulations protecting patient information, the
center is deploying a security solution that includes Microsoft®
Windows® XP Service Pack 2. The service pack’s easily configurable
automatic firewall helps protect computers both on and off the
network, and works with the center’s update management system
to help prevent future virus attacks.
“We have a fully
computerized electronic
medical record where
you are using
computerized physician
order entry in our clinical
areas. If the network
doesn’t work, it’s a big
deal.”
Brian Uzwiak, Network Technology Services
Manager, Wake Forest University Baptist
Medical Center
Situation
Wake Forest University Baptist Medical
Center, a partnership between Wake Forest
University Health Sciences and North
Carolina Baptist Hospital, is one of the
preeminent academic medical centers in
the United States. The center consistently
wins awards for excellence, including being
ranked among the top 50 hospitals in the
United States by U.S. News and World Report.
Although its main facilities and campus are
located in Winston-Salem, the center’s staff
and student population of 11,000 work in
locations across the state of North Carolina
and in southwestern Virginia. The center
generates approximately U.S.$1 billion in
revenue annually.
Wake Forest Baptist also is one of the
nation’s most technologically advanced
healthcare providers. The center’s clinical
equipment is linked directly to a fully
electronic medical record system that uses
computerized physician order entry for drug
prescriptions, a practice widely regarded in
the industry as essential to reducing medical
errors. The academic side of the center uses
an online curriculum. Each student receives a
portable computer to use in the classroom,
plus a handheld computer to use during
clinical work to track patient encounters. In
all, the center’s network supports more than
11,500 computers in a variety of settings.
Security Concerns
Both the medical center’s computer environment and the healthcare industry as a whole
have a variety of security concerns. The confidentiality and safety of medical information
is critical, especially in light of the recent
addition of new security rules to the U.S.
Health Insurance Portability and
Accountability Act of 1996 (HIPAA). The
rules require that patient health information
be safeguarded in a number of ways, including secure electronic transmission. A violation
of HIPAA could result in fines, lawsuits, and
negative publicity for the center.
The large number of portable computers used
by students, faculty, and staff presented
another security challenge for the medical
center. When a mobile computer is on the
campus network, it is protected by the
network’s firewalls and automated update
management system. However, when these
devices were connected to networks off
campus, they were not necessarily getting the
updates and were left open to viruses. “The
users would pick up viruses at other locations, bring their portable computers back to
our system, connect to the academic medical
center network, and start spreading viruses
around campus,” says Brian Uzwiak, Network
Technology Services Manager for Wake
Forest University Baptist Medical Center.
Because the medical center network wasn’t
adequately protected, it experienced a number of viral assaults, including attacks by the
Slammer, Blaster, and Welchia viruses. In
August 2003, the network was attacked
repeatedly, flooded with spurious traffic that
caused slowdowns and sporadic disruptions
in service. The center estimates that the outbreaks cost 100,000 hours of lost productivity across the campus in that month alone.
The biggest concern for the organization was
access to patient records and treatment
information—because without that data,
treating patients was difficult or impossible.
“We have a fully computerized electronic
medical record where you are using computerized physician order entry in our clinical
areas,” says Uzwiak. “If the network doesn’t
work, it’s a big deal.”
First Step to Resolution
The medical center began a program to
tighten its security. One of the first phases
was upgrading its computers to the
Microsoft® Windows® XP Professional
operating system from the Windows 2000
Professional and Windows NT® Workstation
operating systems. The increased stability
and security offered by Windows XP
Professional formed the base for the
new security initiative, but the high number of
portable computers frequently connecting to
the center’s network created a need for
additional security methods.
Wake Forest Baptist needed a system that
could protect the computers on and off the
network, and also be compatible with the
specialized programs that the center uses.
Any new solution would have to be configured
to work with the other programs without
negatively affecting the center’s productivity.
Solution
Wake Forest University Baptist Medical
Center chose to deploy Microsoft Windows XP
Service Pack 2 for its manageability and
security enhancements. While other solutions
were beyond the center’s budget, the service
pack is a free update to Windows XP
Professional. “Microsoft has provided this
functionality as part of the operating system,”
says Uzwiak. “We’re able to deploy this
functionality without any additional software
acquisition expense, whereas with the
alternatives we would have had to pay
$500,000 to $1 million to deploy
enterprisewide.”
Wake Forest Baptist began the Windows XP
Service Pack 2 deployment process by thoroughly testing the update against the many
programs that the center has in place for
both its clinical and academic settings. The
center conducted two months of extensive
tests against more than 50 mission-critical
enterprise applications. Additionally, it
completed a three-month pilot of Windows XP
Service Pack 2 with key users in departments
throughout the center to determine compatibility with local applications.
Microsoft Services sent Senior Consultant
Chris Bush to work with the center’s network
group to evaluate any possible application
conflicts and verify the Group Policy settings
that the center had set up. “The consultant
validated what we had done,” says Uzwiak.
“This was an important role, because we felt
like we needed that validation or audit before
moving forward with the actual deployment.”
The consultant and the network group set up
and verified the Group Policy settings for the
medical center. Of special concern were the
mobile computers that were taken from the
campus setting and connected to unknown
networks. The group established Group Policy
settings to configure Windows Firewall based
on the network connection. When the computers are on the campus network, exceptions
can be made to the firewall. When the computers are taken off campus, the installed
Group Policy settings restrict the firewall
exceptions to almost none, thereby protecting
the computer from potential attack.
After completing the Service Pack 2 configuration, the group began installation by using
Microsoft Systems Management Server
2003, part of Microsoft Windows Server
SystemTM integrated server software. The
deployment to all the medical center’s computers running Windows XP Professional is
expected to take three months to complete.
Benefits
Windows XP Service Pack 2 is helping Wake
Forest University Baptist Medical Center
improve security policies and systems as it
works to meet HIPAA requirements and make
the network more secure and manageable.
“The security features in Windows XP Service
Pack 2 will allow employees to focus more
on meeting patient care, education, and
research missions, and less on fighting
viruses and worms,” says Uzwiak.
“The firewall helps
protect computers when
the users are not here,
even without the
updates.”
Brian Uzwiak, Network Technology Services
Manager, Wake Forest University Baptist
Medical Center
HIPAA Security Compliance
Implementing Windows XP Service Pack 2
is one of the many steps that Wake Forest
Baptist is taking to meet the new HIPAA
requirements for protecting electronic
information. Windows Firewall assisted the
center in meeting these requirements by
helping block attacks on the network that
could render sensitive information
vulnerable.
Increased Security and Manageability
In addition to security and management
issues stemming from the medical center
network’s overall size and complexity, the
organization has a high number of mobile
devices connecting to the network on a
regular basis and causing further security
concerns. Windows Firewall works to protect
the computers and the network from attack
by helping block viruses from gaining entry,
even if security updates have not been
installed. “Although we have an automated
update management solution in place, using
Systems Management Server 2003 to deploy
updates while users are on campus,” says
Uzwiak, “when they’re not here, they’re not
necessarily getting the updates. The firewall
helps protect computers when the users are
not here, even without the updates.”
Windows XP Service Pack 2 also provides
easy configuration management through
Group Policy support. If additional exceptions
need to be added or denied, network administrators can manage Windows Firewall
through Group Policy. This benefits the
overall security, because it allows
administrators to lock down systems
while remedies are found for an exposed
vulnerability. Prior to the deployment of
Windows XP Service Pack 2, it took a week
after the announcement of a new security
update for the center to protect its systems
by testing and deploying the update. With
Windows XP Service Pack 2, if Windows
Firewall isn’t already configured to protect
against the exploitation of the vulnerability,
the center’s administrators can make a
Group Policy change and have the systems
protected in 20 minutes.
“If there is a known security issue, but there
isn’t a security update out yet or we haven’t
been able to properly test the update or
deploy it, we can go immediately to Group
Policy, change settings across the board, and
block whatever ports need to be blocked,”
says Uzwiak.
For More Information
Microsoft Windows XP Professional
For more information about Microsoft
products and services, call the Microsoft
Sales Information Center at (800) 4269400. In Canada, call the Microsoft
Canada Information Centre at (877) 5682495. Customers who are deaf or hard-ofhearing can reach Microsoft text telephone
(TTY/TDD) services at (800) 892-5234 in
the United States or (905) 568-9641 in
Canada. Outside the 50 United States and
Canada, please contact your local
Microsoft subsidiary. To access information
using the World Wide Web, go to:
www.microsoft.com
Microsoft Windows XP Professional gives you
the freedom to do what you want at home
and at work—simply, reliably, and securely.
For more information about Windows XP
Professional, go to:
www.microsoft.com/windowsxp/pro
For more information about Wake Forest
University Baptist Medical Center services,
call (336) 716-2255 or visit the Web site
at:
www.wfubmc.edu
Software and Services

© 2005 Microsoft Corporation. All rights reserved.
This case study is for informational purposes only. MICROSOFT
MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
SUMMARY.
Microsoft, Windows, Windows NT, and Windows Server System
are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All
other trademarks are property of their respective owners.
Document published February 2005
Products
− Microsoft Systems Management Server
2003
− Microsoft Windows XP Professional

Services
− Microsoft Services
− Microsoft Consulting Services
Related documents
Chapter 1Computer Concept
Chapter 1Computer Concept
MET 1103 Introduction to Computing
MET 1103 Introduction to Computing
ASP.NET MVC
ASP.NET MVC
Old YMCA Building in Richmond, Indiana 47374
Old YMCA Building in Richmond, Indiana 47374
Cloud OS Vision Deck Full Version
Cloud OS Vision Deck Full Version
Specific - Bedford/St. Martin`s
Specific - Bedford/St. Martin`s
Download