Daily life in most big-city hospitals is nothing like what you see on “ER,” with doctors rushing around continually, dashing from patient to patient, dealing with seemingly endless crises. In fact, most staff doctors and nurses work long, tiring shifts that are often filled with mundane diagnoses and treatments, along with a lot of downtime.
Since the advent of the Internet, many medical personnel fill a good portion of that downtime with Web surfing. With little else for entertainment available, doctors and nurses scour the Web for new medical studies or data on a particularly puzzling ailment.
And, like office workers everywhere, they read news sites; shop; and, inevitably, download all manner of malware and spyware.
Corporate IT departments the world over are dealing with the growing problem of spyware, and many organizations have found more than a few PCs infected to the point where they are essentially useless.
That’s an annoyance in an insurance company or advertising agency. But in a hospital setting, where those machines are used for entering diagnoses and ordering drugs, time is of the essence, and the problem can be downright dangerous.
At Denver Health Medical Center, the Level 1 trauma center for the Rocky Mountain region, the IT staff found itself in that situation last year. The 380-bed hospital has 3,200 PCs spread through the center itself, clinics and offices. The spyware problem in the PC population was so bad that IT workers were having to reimage some machines every other month. And it was taking medical staff as long as 2 minutes to log on to other PCs using the hospital’s smart-card-based, single-sign-on solution.
That kind of performance was, understandably, not acceptable, especially since the hospital was in the middle of moving to a computerized physician order entry system. And 25 percent of the calls to the hospital’s help desk were related to spyware. At an average cost of $10 per call, that was adding up to nearly $5,000 per month in help desk costs.
“If you get enough spyware on a computer, it stops responding,” said Jeff Pelot, chief technology officer at Denver Health. “We were using [PepiMK Software’s] Spybot [Search & Destroy] and [Lavasoft Inc.’s] Ad-Aware, but it got to the point where it was quicker to reimage the machines. The doctors got so fed up that they wanted to go back to paper.”
That was obviously not an option. So Pelot began looking for an enterprise-ready anti-spyware solution. He said he quickly found that his options were quite limited. Until very recently, nearly all anti-spyware tools on the market have been consumer-focused solutions that reside on individual machines and remove infections after they’ve occurred.
That situation is beginning to change, with several security vendors introducing enterprise anti-spyware products in recent months. And Microsoft Corp. plans to roll out its own enterprise-ready spyware defense solution later this year; the company has already released a beta version of its consumer product.
After talking to analysts at Gartner Inc. and representatives of Computer Associates International Inc. about its new solution, Pelot decided on a 30-day trial of Blue Coat Systems Inc.’s ProxySG appliance.
Blue Coat’s box sits between the customer’s internal network and the Internet and acts as a proxy for all Web requests users generate. Administrators can assemble white lists of sites users are allowed to visit, and the appliance can block access to all other sites. Customers can take the opposite approach by blocking a few sites and allowing all others.
Most important for Pelot and Denver Health, ProxySG includes an anti-spyware capability that combines several techniques. Through the use of five discrete URL-filtering databases, the appliance can block access to known adware and spyware Web sites. It can also prevent malware already resident on a PC from connecting to known undesired sites.
“That’s the kind of control we needed on the clinical machines,” Pelot said. “Even the best cleaners will miss something.”
How Blue Coat Handles
ProxySG scans inbound Web traffic for known spyware signatures and does so at line speeds without noticeable latency. As a last line of defense, the system inspects outbound Web traffic for spyware transmissions and can identify which machines have infections and need cleaning.
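As an added illustration (not from the article and not Blue Coat’s code), the Python sketch below shows the two ideas described above: a proxy policy that runs in either white-list or block-list mode, and outbound requests to known spyware hosts being used to flag which PCs need cleaning. The host lists, log format and function names are all constructed for the example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed category data; stands in for a vendor URL-filtering database.
SPYWARE_HOSTS = {"ads.tracker.example", "toolbar-update.example"}
BUSINESS_HOSTS = {"pubmed.example", "pharmacy.example"}

def host_matches(host, entries):
    """True if host equals an entry or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in entries)

def decide(url, mode):
    """Return 'ALLOW', 'DENY_SPYWARE' or 'DENY_POLICY' for one request."""
    host = urlsplit(url).hostname or ""
    if host_matches(host, SPYWARE_HOSTS):
        return "DENY_SPYWARE"  # known-bad is blocked in either mode
    if mode == "allowlist" and not host_matches(host, BUSINESS_HOSTS):
        return "DENY_POLICY"   # white-list mode: anything unlisted is blocked
    return "ALLOW"

# Constructed proxy log lines: "<client_ip> <method> <url>"
SAMPLE_LOG = """\
10.1.4.21 GET http://pubmed.example/search?q=sepsis
10.1.4.21 GET http://news.example/today
10.1.7.88 POST http://cdn.ads.tracker.example/beacon
10.1.7.88 POST http://cdn.ads.tracker.example/beacon
10.1.9.5 GET http://TOOLBAR-UPDATE.example./check
10.1.9.5 GET http://nottoolbar-update.example/
garbage line
"""

def infected_clients(log_text, mode="allowlist"):
    """Count spyware-category denials per client IP; skip malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        client, _method, url = parts
        if decide(url, mode) == "DENY_SPYWARE":
            hits[client] += 1
    return dict(hits)

if __name__ == "__main__":
    print(infected_clients(SAMPLE_LOG))
```

Matching on the parsed, normalized hostname rather than on a substring of the URL is what keeps a look-alike such as `nottoolbar-update.example` from being counted as an infection.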
Given the critical role IT plays in the hospital’s operations, it was imperative that whatever solution Pelot chose be able to plug right into the network with a minimum of setup and configuration.
“I didn’t need something that would add more complexity to the picture,” Pelot said.
Denver Health’s network is by no means simple. In addition to the 3,200 PCs, Pelot’s staff oversees more than 200 Windows servers, a few Unix boxes and 21TB of stored data—all connected by a Gigabit Ethernet backbone and fiber-optic connections.
Throw in an intrusion detection system, intrusion prevention and anti-virus scanners, and you have a tremendously complex environment. The last thing Pelot said he and his staff wanted was another solution that needs a lot of care and feeding.
Pelot configured the ProxySG to limit Internet access to just business-related sites during the trial deployment. There was a bit of resistance from the medical staff, some of whom complained about the loss of freedom to roam the Internet, but Pelot and his staff explained that the restrictions were necessary to prevent spyware infections and resultant network slowdowns that had plagued the hospital for months. That reasoning mollified most users, who were happy not to wait 5 minutes to enter a drug order.
The result: After a month, none of the PCs had a single spyware infection. And Pelot has moved into a full-scale deployment of Blue Coat’s solution.
“Doctors and nurses have a lot of downtime. They love to look around the Internet, like everyone else,” Pelot said. “But in an environment where we’re depending on the PCs to be fast and responsive, spyware can be a serious problem. Blue Coat has eradicated that.”
Blue Coat executives said that more and more of the company’s customers are coming to them with stories remarkably similar to that of Denver Health’s. Many organizations have tried using desktop anti-spyware solutions, but most of those products are effective at cleaning machines only after they’ve been infected; they do nothing to prevent infections. Not having a mess to clean up in the first place can save IT departments a considerable amount of time and money.
“The vast majority of our customers are coming to us with spyware problems. Most of them are telling us that 10 to 20 percent of their help desk calls are because of spyware,” said Chris King, product manager at Blue Coat, based in Sunnyvale, Calif. “There are some outliers whose numbers are [greater than] Denver Health’s. And I think in a lot of cases, the security staff isn’t aware of those numbers.”
For the IT team at Denver Health, Blue Coat’s solution has been the right medicine, Pelot said. He estimates that installing ProxySG will save the hospital nearly $200,000 in two years.
“I was not in a situation where I could wait. Our users are very happy right now. This is the first time we’ve gone 30 days without a major slowdown,” Pelot said. “Can we allow the network to be down for a while? No. I don’t think I could afford not to do this.”