“Arctic Wolf helps us overcome huge challenges. Getting clear visibility across our infrastructure was a worrisome issue until we engaged Arctic Wolf. And locating, training, and retaining security personnel in our geographic area can be challenging, but collaborating with Arctic Wolf’s Concierge Security™ Team lets us maintain visibility and meet compliance obligations.”
-Dr. Jason A. Thomas, Chief Operating Officer and Chief Information Officer, Jackson Parish Hospital
Protecting Patient Health Information and Hospital Infrastructure
Jackson Parish Hospital is a 25-bed critical access hospital with 200 employees located in Jonesboro, Louisiana. Its facilities include a main campus and four provider clinics. The Jackson Parish IT team consists of three members that balance a variety of IT responsibilities including system maintenance, deploying new infrastructure, and managing cybersecurity. The team is accountable for managing and monitoring a diverse infrastructure that includes about 600 endpoint devices, nearly 50 servers, network infrastructure with a variety of switches, routers, and access points, and cloud services such as Office 365.
When Dr. Jason Thomas assumed responsibilities as COO and CIO at Jackson Parish, he started with only one technical staff member and an out-of-date IT infrastructure. He worked to recruit new employees and increased the staffing to three total, but early on realized that the IT team lacked comprehensive visibility across the hospital’s IT infrastructure and cybersecurity expertise was difficult to recruit, if not almost unattainable in rural Louisiana. According to Thomas, “We had no documentation, no configuration information, inconsistent administration, and old equipment. I had little trust in the integrity of the environment. We needed a way to get visibility to ensure we could comply with federal law and a way to ensure that we could be proactive against threats, rather than reactive to them.”
These compliance requirements include the Health Insurance Portability and Accountability Act (HIPAA) for electronic patient health information (ePHI), as well as the Payment Card Industry Data Security Standard (PCI DSS) for credit cardholder data.
A Three-Fold Goal: Enhance Visibility, Mitigate Risk, and Fulfill Compliance Obligations
Jackson Parish lacked a solution to holistically monitor its infrastructure and detect threats when it began considering available options. The hospital used a managed service provider to aggregate and report on sources of log telemetry, but it only used a small fraction of potential log sources and provided no security monitoring.
“We handle sensitive patient information that we must protect,” Thomas said. “What we had was inadequate and didn’t provide the visibility or reporting that we needed.”
Thomas had worked with Arctic Wolf at another hospital and decided to deploy the Arctic Wolf SOC-as-a-service at Jackson Parish, especially after considering the difficulty of finding the right talent in the region. “Using a managed service like Arctic Wolf made sense from a financial and strategic standpoint,” commented Thomas. “Arctic Wolf is an extension of our team and takes on security monitoring burden. We get customized security from a team that understands our environment.”
Adapting to Improve IT Health
Jackson Parish quickly deployed Arctic Wolf™ Managed Detection and Response (MDR) and gradually increased the amount of data directed to the service. Today, Jackson Parish continues to add log sources to the mix to improve visibility.
“Adding the log sources is easy, plus we don’t get charged as we add log feeds—unlike a prior experience I had with Dell Secureworks, Thomas said. “Arctic Wolf’s “all-you-can-eat” approach gives me needed visibility and means I can monitor everything I want without breaking my budget. I try to send any and all logs from any device to Arctic Wolf.”
Among the threats Arctic Wolf has discovered at the hospital include bitcoin mining malware accidentally downloaded into a browser cache by an employee. And, as Thomas explains, “The Concierge Security Team flagged outgoing internet traffic originating from a radiology system. Up until that time, we hadn’t realized it was capable of sending patient information, a consequence of the poor documentation and configuration management that was inherited when I arrived. That sort of visibility allows us to reduce potential risk, as well as focus IT efforts on areas that directly improve operations and patient-related care.”
The Concierge Security Team gives the hospital an invaluable boost in terms of needed staff and resources. “We are a relatively lean organization and we view Arctic Wolf as an extension of our team,” said Thomas. “The Concierge Security team has enabled us to act promptly when potential security incidents come up, as well as helped us maintain compliance in an ever-changing healthcare IT world.”
Arctic Wolf MDR also helps keep Jackson Parish safe as they connect to and work with other healthcare entities and local partners. According to Thomas, “When we initially began our telemedicine program with the local school district, we were faced with the prospect of placing medical equipment on each school’s network and then trying to ensure it remained secure, while still being able to operate it normally as well as access it remotely for troubleshooting. Schools are notorious for having curious students prodding systems and security, and an ePHI breach is no laughing matter. Working with the Concierge Security Team, we were able to ensure that our medical equipment is isolated from those would-be hackers and we’re alerted the moment something out of the ordinary happens. It gives me a little more peace of mind to know that I’ve got people watching it around the clock, even while it’s out of my own sight.”
Following the initial Arctic Wolf MDR deployment, Jackson Parish added monitoring for its Office 365 environment. “Email is one of those places where patient information can get lost or compromised, Thomas said. “Our firewalls protect us from suspicious traffic coming from overseas, but Office365 exists outside of our systems and we have limited control over how Microsoft operates it. Arctic Wolf was able to assess that point of risk and provided an easy way to watch for suspicious activity across that environment.”
What’s New and What’s Next
More recently, to better understand its IT assets and management vulnerabilities, Jackson Parish deployed Arctic Wolf™ Managed Risk. “Having a team to assess and manage vulnerabilities while monitoring our environment really helps us reduce our threat surface. We’ve made considerable progress in rebuilding integrity and trust in our IT systems, but risk never goes away and if we aren’t aware of it, we can’t work to mitigate it.” Thomas said.
Arctic Wolf has also given Jackson Parish the flexibility to improve its IT operations while maintaining a strong security posture. In addition to deploying software-as-a-service (SaaS) applications like Office365, Jackson Parish recently updated its internal infrastructure with new wireless and switching networks, and has turned to VMware for virtual servers.
Jackson Parish now plans to add to its compliance credentials by adding HITRUST compliance. Commented Thomas, “While we already have HIPAA and PCI-DSS under our belts, I like that Arctic Wolf can also generate reports to validate HITRUST compliance around monitoring to support our efforts to go paperless.”
When asked to describe Jackson Parish Hospital’s relationship with Arctic Wolf, Thomas beamed. “Arctic Wolf has a great service and great team,” he said. “They’ve been able to seamlessly adapt as our organization has changed and evolved. Arctic Wolf lets me be proactive rather than reactive, which keeps me happy at my job and confident that we are doing everything we can to safeguard the sensitive information that our patients entrust to us for their care.”