Freely subscribe to our NEWSLETTER

Hadassah Medical Center is one of the largest medical complexes in Israel, encompassing two university hospitals with 6,000 employees and nearly 10,000 network-connected devices. Ever vigilant in regards to security and fearful that the growing number of personal mobile devices connecting to his network could be a weak link in his security armour, Hadassah’s Chief Information Security Officer Barak Shrefler and his IT team began to search for a comprehensive solution that would allow him to instantly know who and what systems were on the network and to automatically block unauthorised users or anyone partaking in risky or suspicious behaviour.

The IT team evaluated many of the traditional mobile device management (MDM) solutions, but soon realised these applications would need to be managed and maintained outside of its existing network, which was problematic. The team turned to ForeScout CounterACT network access control (NAC), which had first been implemented three years earlier, for new options. They were strong proponents of hybrid NAC solutions, which allowed both 802.1x and agentless device authentication and endpoint compliance mechanisms. This combination was ideal for the medical centre’s broad range of devices that included embedded medical systems requiring an agentless approach. The deployment of ForeScout Mobile, a plug-in for CounterACT, was the BYOD solution the team was looking for because it allowed policies based on the user, device, network, application and data leakage risks, and managed devices. “CounterACT and ForeScout Mobile helped us enable a very effective solution that on one side adds a major security layer, but from the other doesn’t become a burden on our users or the security team,” said Shrefler.

Once CounterACT was configured to track the mobile devices, IT was able to drill into the activity of each device and setup alerts for potentially destructive incidents such as disallowing jail-broken devices, enforcing security standards and being able to disable certain applications such as cloud services, and Bluetooth connections along with screen captures and cameras so that patient records would be protected. CounterACT also provides visibility into each individual device on the network while its new tactical map allows an at-a-glance view of the three campus network with the ability to click any item and drill down to investigate and remediate issues.

CounterACT has alleviated BYOD security concerns and has brought additional savings to the medical centre. “Without CounterACT, the only way to deploy and control mobile devices would have been to have the hospital purchase them and limit their functionality,” continued Shrefler. “While limited functionality is fine in the medical centre, when the device goes home with its owner we want all the device’s features to be fully functional. With CounterACT, my team can control the functionality of the device based on its location and environment.”