By Josh Cook, IT director for The Cardiac and Vascular Institute and a Symantec Customer
In healthcare IT, we have one overriding priority: the security of personal health information (PHI). Like many fast growing healthcare practices, this was a challenge for The Cardiac and Vascular Institute (TCAVI), which was formed from the merger of two cardiology groups. When I was brought in to merge the IT departments, I found a mixed bag of antivirus solutions on the computers, some with no protection at all. This was a serious issue when it comes to protecting the PHI of patients. But with limited IT staff, we needed an endpoint security solution that we could administer and manage easily.
One pressing issue was that we contract more than a dozen external medical transcriptionists to create digital copies of medical records. These contractors work from home and were accessing our network via VPN, but many had no antivirus or they had trial versions of consumer AV software that had not been updated. We not only needed consistent protection on their machines, but also the ability to remotely manage this software to keep it up to date. Another issue we faced was mobility. Our doctors are on the go. They’re using laptops and tablets in a variety of places, including trade shows and conferences, where they are outside of our firewall. And with a small IT staff handling three different campuses, time is of course an issue. We can’t be everywhere at once and it isn’t practical to drive to a neighboring city to deal with a malware issue or update software.
With these factors in mind, I knew we needed an endpoint protection solution that could be managed in the Cloud. I learned that Symantec had a cloud-based security solution. Because it worked with the Backup Exec.cloud tool we were already using, it was a natural fit for us. Symantec Endpoint Protection Small Business Edition 2013 gives me a central console through which I can manage the deployment on any of our machines, whether in the office or in another city. I can push through updates on our contracted transcriptionists’ machines, and I can easily manage our licenses. The web-based console means I can manage the solution from anywhere I have an Internet connection, which lets me monitor and keep remote locations up to date even if the internal network is down.
When we first migrated over to Symantec Endpoint Protection Small Business Edition 2013, I showed my CEO the list of everything we blocked and he turned white. I’ve yet to have any malware infections on a machine that has been protected with the service – nothing gets through. I also get email alerts to let me know when it has blocked threats. Recently, we had a doctor at a conference in Italy, and SEP blocked three different attempted virus installations on his machine. With the Symantec service installed, I can be confident that our doctors have the most up-to-date protection on their laptops no matter where they are.
And, with the recent update to Symantec Endpoint Protection Small Business Edition 2013, we’ve been able to address another important security concern. USB flash drives are a significant potential threat to information security, especially with regulations such as HIPAA, and we needed a way to block the transfer of sensitive information onto these drives, based on policies we can define centrally. The update to Symantec Endpoint Protection Small Business Edition 2013 gave us this ability, which is a tremendous advantage in our efforts to remain compliant with legislation.
The takeaway for us, and what I would recommend to any IT department, is to evaluate your current endpoint security solution. If you don’t have the ability to manage your security from a central location, you should look at potential security vendors to find a cloud-managed service. Consistent protection, especially in an industry as heavily regulated as healthcare, minimizes your risk of losing important information and contributes to the overall health of your business.