Zhongshan Hospital Case Study
Zhongshan Hospital is a major teaching hospital in Shanghai, China. Like many hospitals across the world, it is driving a new "Internet + Healthcare" digital healthcare model. While this has allowed the hospital to provide more modernized and effective healthcare, it has also led to increasingly complicated network security challenges.
Indeed, cyber-attacks against hospitals are becoming more common amid digital transformation in healthcare. They have led to large-scale data leaks of electronic health records (EHR) and hospital closures. So why is the network security of hospitals so fragile?
1. Digital Transformation in Healthcare Widens Attack Surface
Digital transformation in healthcare is taking place at a rapid pace. Hospitals are pushing digital initiatives to provide high-quality patient care and improved patient convenience. To do this, hospitals are adopting technologies called the Internet of Medical Things (IoMT). A Deloitte report estimates that the IoMT market is worth $158.1 billion in 2022. However, IoMTs have widened attack surfaces and opened hospitals to a greater risk of cyber-attacks. IT security staffing has not caught up with digital transformation in healthcare. Hospitals simply do not have the numbers and expertise for round-the-clock security operations to keep their network secure.
2. Digital Transformation in Healthcare Complicates Processes
The widespread adoption of multi-cloud environments has also left hospitals more vulnerable. Hospitals face steep learning curves in understanding the management methods, security policies, and handling procedures of different cloud service providers (CSP). These may hinder a hospital’s ability to respond to security incidents in time and miss the "golden time" for remediation.
3. Digital Transformation in Healthcare Demands Advanced Security
The existing security technologies of hospitals cannot keep up with the constant evolution of adversary tools and techniques. Updating and purchasing extra protection is costly. This makes it hard to strike a balance between cost and effectiveness.
In the face of intensifying cyber security threats, what can be done to secure digital transformation in healthcare? How can we protect the critical data and systems of hospitals? Let’s see how Zhongshan Hospital answered this question.
Source: https://www.zs-hospital.sh.cn/zsyy/n15/index.html
Project Background
To safeguard its project, Zhongshan Hospital has taken a proactive approach to address the three challenges mentioned above. The hospital has basic security in place, such as an IT security team and security devices, but it believed it needed an end-to-end security system to replace "static protection" with "dynamic operation".
With this vision, Zhongshan Hospital chose to leverage Sangfor Cyber Guardian, a managed detection and response (MDR) service. With Cyber Guardian, the hospital built a security operations platform (hereafter referred to as Platform) that provides 24/7 automated threat detection and response. The platform integrates the hospital’s on-prem security set-up with Sangfor’s online security experts and cloud-delivered solutions. They continuously monitor assets to detect vulnerabilities, threats, and attacks to protect the hospital’s digital transformation.
1. Security Management of the Application Lifecycle
The platform protects the hospital’s applications in three main stages of the application lifecycle — deployment, O&M, and decommissioning. Various measures are implemented to protect the hospital’s applications, including the ECS, HRMS, HIS, LIS, and CTMS.
Before an application is deployed, a complete security assessment is conducted, including code auditing, penetration testing, and vulnerability scanning.
After an application is deployed, Sangfor's security experts conduct 24/7 threat monitoring, detection, and response. Sangfor’s experts also assist the hospital’s O&M team with incident handling and policy optimization. Risks associated with application upgrades and evolving adversary techniques are also mitigated.
When an application is to be decommissioned, the hospital’s O&M team designs a decommission plan, recycles resources, and deletes configurations. This is done according to a standardized process to avoid shadow assets.
2. Unified security operations management in a multi-cloud environment
To solve the security issues of a multi-cloud environment, the hospital needed a security operations system that offers unified management.
The Platform integrates the on-prem security team and devices, the CSP, and Sangfor’s online security experts and solutions into a unified system. The Platform issues tasks to each role to achieve closed-loop remediation. All security incidents and high-risk vulnerabilities are handled in an efficient and accurate manner.
The speed and accuracy of issuing tasks are important in such a unified system. In this respect, Sangfor’s MDR service plays a crucial role. The AI-enabled Platform and Sangfor’s security experts combine to detect all threats within 1 hour. The hospital’s security team is alerted within 30 minutes. When faced with advanced attacks such as APT and ransomware, the hospital no longer has to rely on one security engineer. Sangfor shortens the analysis and investigation time by one-third using its case handling, use case, and survey libraries. These are accumulated from serving over 2,000 MDR customers and greatly improve the accuracy of threat remediation.
The Platform can also map security risks and events with intuitive indicators. Data and graphs are provided with weekly, monthly, quarterly, and annual security reports. These allow the IT security team to conduct daily security work more efficiently and support future security construction decisions.
3. An efficient and cost-effective on-prem & online response mechanism
Thanks to Cyber Guardian MDR, the hospital built the “human-machine intelligence” Platform without any increase in personnel and equipment investments.
On-prem and online correlation ensures efficient incident response. The hospital solved the two major security challenges of healthcare organizations — the lack of IT security personnel and high security construction costs.
With the help of Sangfor Cyber Guardian MDR, Zhongshan Hospital has truly established a robust end-to-end security system for a secure digital transformation in healthcare.
Secure Your Healthcare Digital Transformation with Sangfor
Digital transformation in healthcare is a truly virtuous act, helping to improve patient care, cure illnesses, and save lives. Do not allow bad actors with cruel intentions to destroy this.
Sangfor is a specialist provider of cyber security and cloud computing solutions. Thanks to a dedicated healthcare business division and rich industry experience, Sangfor is perfectly positioned to help healthcare organizations build and secure their digital transformation initiatives. Contact Sangfor for a free consultation and see how we can help you build a productive and safe digital healthcare system.
For more information on cyber security risks and digital transformation in healthcare, please feel free to read the following articles:
- Hospitals Under Cyber Attack: The Symptoms, A Diagnosis & Some Prescriptions
- Cloud Computing in the Healthcare Industry
