Moffitt Cancer Center secures radiology machines by ditching anti-virus software
February 12, 2019
By Dave Summitt
In healthcare, one of the most challenging areas to secure is the radiology department. The machines that interpret radiology scans and other medical images at Moffitt Cancer Center are regular Windows-based workstations running GE-PACS. They are connected to the network and can potentially be exposed to web-borne malware or threats that hide inside malicious email attachments, if or when employees use these machines to check their email.
Modern computer scanning equipment is designed to take pictures of large sections of the patient’s body in just seconds. The images need to be very detailed, doctors usually request to see multiple images at once, and they often need this information in real time. At Moffitt, we were using traditional anti-virus software on our workstations, but we noticed that it was causing substantial degradation in performance.
Because the AV had to scan every image as it came across before presenting them to the viewer, it was really slowing things down. In fact, it wasn’t uncommon for Moffitt’s radiologists and technicians to wait several minutes for each scan to come up. We quickly realized we needed to find a solution that would shield the machines from threats, known and unknown, while preserving usability and performance.
A new approach
I first learned about Bromium while I was CISO at the University of Alabama Birmingham Healthcare System. When it was first presented to my team there, it was kind of a “wow moment”. I fell in love the first day I saw it. It works by isolating web pages, emails, attachments and so on within micro-VMs, which means that the threat is instantly neutralized, as the hacker can’t get anywhere.
Upon moving to Moffitt, I brought my experience with Bromium with me as a tool to better understand what potential threats may be lurking in the Moffitt environment. Initially we began intentionally infecting a few select PCs to observe how threats unfold and how they behave throughout their life cycle. We reviewed the complete kill chain analysis, which gathered all available information about the threat to help us harden our cyber defenses.
Then it dawned on me; we already own Bromium, so why don’t we try to remove the anti-virus from the radiology machines and protect them in that manner? Our initial trial was successful, and today more than 30 of our critical radiology reading machines run Bromium. Even when people are using those machines for things not related to radiology, like downloading files from the internet or checking email, we have a way to protect them.
Real savings and tangible performance improvement
Since removing anti-virus from the radiology workstations and replacing it with Bromium, we have noticed a significant improvement in machine performance. It doesn’t rely on scanning, so everything can be done in real time and we are confident that even if something nasty does get to a user we are still protected, as the threat will be isolated.
Removing the performance lag has increased staff productivity, helped our doctors make speedier decisions, and improved patient care efficiency. Our IT security and SOC operation teams can now quickly and efficiently determine the impact of incoming malware and begin remediation efforts before it becomes a larger issue. My next goal is to remove AV from our remote coders’ endpoints, as managing anti-virus updates for remote workers can be a challenge.
Sharing the experience with other healthcare facilities
Most of today’s medical facilities use machines that read radiology images, and they are likely to experience the same issues that we came across – these devices can’t be left unprotected, but anti-virus causes performance problems, which is unacceptable, especially when scans need to be read quickly to make swift decisions about patient care. There are great lessons to be learned here; the success we had will help other medical facilities because patient care and satisfaction is the utmost priority for all of us in the healthcare field.
About the author: Summitt is an industry veteran. He spent 21 years with the Department of Defense, before transitioning to the healthcare sector. In 2017, he was awarded the Information Security Executive Southeast People’s Choice Award, and his department’s Security Operations Center (SOC) was nominated as a leading project. More recently, Summitt has been brought in as a fellow to the Institute of Critical Infrastructure Technology, a national cyber-security think-tank and was recently invited to become a member for the Forbes Technology Council.
H. Lee Moffitt Cancer Center & Research Institute is a nonprofit cancer research and treatment facility located in Tampa, Florida. Moffitt is one of the only 49 National Cancer institute-designated comprehensive cancer centers, and is ranked No. 9 cancer hospital in the nation.
In healthcare, one of the most challenging areas to secure is the radiology department. The machines that interpret radiology scans and other medical images at Moffitt Cancer Center are regular Windows-based workstations running GE-PACS. They are connected to the network and can potentially be exposed to web-borne malware or threats that hide inside malicious email attachments, if or when employees use these machines to check their email.
Modern computer scanning equipment is designed to take pictures of large sections of the patient’s body in just seconds. The images need to be very detailed, doctors usually request to see multiple images at once, and they often need this information in real time. At Moffitt, we were using traditional anti-virus software on our workstations, but we noticed that it was causing substantial degradation in performance.
Because the AV had to scan every image as it came across before presenting them to the viewer, it was really slowing things down. In fact, it wasn’t uncommon for Moffitt’s radiologists and technicians to wait several minutes for each scan to come up. We quickly realized we needed to find a solution that would shield the machines from threats, known and unknown, while preserving usability and performance.
A new approach
I first learned about Bromium while I was CISO at the University of Alabama Birmingham Healthcare System. When it was first presented to my team there, it was kind of a “wow moment”. I fell in love the first day I saw it. It works by isolating web pages, emails, attachments and so on within micro-VMs, which means that the threat is instantly neutralized, as the hacker can’t get anywhere.
Upon moving to Moffitt, I brought my experience with Bromium with me as a tool to better understand what potential threats may be lurking in the Moffitt environment. Initially we began intentionally infecting a few select PCs to observe how threats unfold and how they behave throughout their life cycle. We reviewed the complete kill chain analysis, which gathered all available information about the threat to help us harden our cyber defenses.
Then it dawned on me; we already own Bromium, so why don’t we try to remove the anti-virus from the radiology machines and protect them in that manner? Our initial trial was successful, and today more than 30 of our critical radiology reading machines run Bromium. Even when people are using those machines for things not related to radiology, like downloading files from the internet or checking email, we have a way to protect them.
Real savings and tangible performance improvement
Since removing anti-virus from the radiology workstations and replacing it with Bromium, we have noticed a significant improvement in machine performance. It doesn’t rely on scanning, so everything can be done in real time and we are confident that even if something nasty does get to a user we are still protected, as the threat will be isolated.
Removing the performance lag has increased staff productivity, helped our doctors make speedier decisions, and improved patient care efficiency. Our IT security and SOC operation teams can now quickly and efficiently determine the impact of incoming malware and begin remediation efforts before it becomes a larger issue. My next goal is to remove AV from our remote coders’ endpoints, as managing anti-virus updates for remote workers can be a challenge.
Sharing the experience with other healthcare facilities
Most of today’s medical facilities use machines that read radiology images, and they are likely to experience the same issues that we came across – these devices can’t be left unprotected, but anti-virus causes performance problems, which is unacceptable, especially when scans need to be read quickly to make swift decisions about patient care. There are great lessons to be learned here; the success we had will help other medical facilities because patient care and satisfaction is the utmost priority for all of us in the healthcare field.
About the author: Summitt is an industry veteran. He spent 21 years with the Department of Defense, before transitioning to the healthcare sector. In 2017, he was awarded the Information Security Executive Southeast People’s Choice Award, and his department’s Security Operations Center (SOC) was nominated as a leading project. More recently, Summitt has been brought in as a fellow to the Institute of Critical Infrastructure Technology, a national cyber-security think-tank and was recently invited to become a member for the Forbes Technology Council.
H. Lee Moffitt Cancer Center & Research Institute is a nonprofit cancer research and treatment facility located in Tampa, Florida. Moffitt is one of the only 49 National Cancer institute-designated comprehensive cancer centers, and is ranked No. 9 cancer hospital in the nation.