Pulse 2012: User identity lessens security risk for Mater Health
- 01 June, 2012 15:02
Concerned that patients and clinicians could be unwittingly exposing NSW private health provider Mater Health to malware, IT security manager Peter Param decided that its broadband network needed monitoring.
Speaking at Pulse 2012 in Sydney, Param told delegates that it does intend the monitoring to be for nefarious “Big Brother” uses, but to cut down activity on its network which could be classed as malicious and dangerous for the provider.
“We faced a number of challenges including the risk of malware, which [clinical] applications were being used, how much bandwidth is being used by the applications and who is using the applications,” he said.
Approximately 600 users have access to the Mater Health Services network. Patients can access the interenet via a Wi-Fi hotspot. Having worked with IBM before, Param selected the vendor's information security directory integrator (ISDI) to identity users and their traffic profile.
“We can recognise clinicians because they are required to log in with their full name but in the Wi-Fi hotspot, patients are identified by their wrist band number which they must type in to access the hotspot,” Param said.
As a result, Param has seen some interesting broadband usage. For example, clinicians are accessing work/business related content while pre-operation patients were most likely to access Facebook and YouTube.
“We’ve also detected PoisonIvy malware coming through one of the clinician workstations which is interesting because it’s a backdoor type of malware,” he said.
Param added that the next step in the project is to analyse individual data flows and export data to its QRadar security intelligence platform.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Spiceworks' free management software gets integrated MDM
Top 10 tips for Migration
As users bring multiple devices to the workplace, IT departments need to have a single view of all their mobile devices. Find out how to build a secure and reliable management platform for next generation mobile computing across multiple platforms. Click for more!
BYOD and Beyond - Implementing a Unified Access Solution
The rise of BYOD programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace. Whether you are contemplating the creation of a BYOD program or currently trying to establish one, this fact cannot be overstated. Find out how to overcome these challenges.
Maximising productivity without sacrificing security
Advances in mobility and client computing technology combined with the ubiquity of the Internet and social media are creating a culture and desire for constant connectivity and anywhere access to information. As these trends extend from the home into the work place, IT managers should consider seriously the opportunities for increased productivity and communication with customers and constituents, as well as understand the increased security risks posed by online, anytime access to private networks and data. Read more.