Visualize even difficult threats and collaborate with SIEM and firewalls to prevent them. Learn from Nagasaki University Hospital, which improves the accuracy of the gray zone decision with its own operation.

Undertaking sound management and Hospital management, Nagasaki University Hospital strives to maintain the highest standard of medical care and nurture excellent medical staff with rich humanity, and contributes to improving the health of the local community and the creation and development of new medical care. .. As a health institution of the hospital, its sound management status and functionality have been highly evaluated by various parties. Among the hospitals (special function hospitals), the number one spot in Japan is maintained in 2018 and 2019.

The hospital has managed the information security needed by today's healthcare institutions. The medical information network based on electronic medical records and the Internet-connected information network is physically separated, and security measures are mainly implemented at gateways and endpoints. The rules are followed thoroughly. We have also appointed two trainers to encourage the proper use of IT, and to obligate doctors and staff to attend. We also manage to provide passwords and passwords that only allow users who have completed the course to access various systems.

"We are taking measures from both the system and the human perspective, based on the idea that the unconscious operation of the user may be a security vulnerability," Takehiro Matsumoto from Nagasaki University Hospital. Said.

　Regarding the devices connected to the network, one of the features of the hospital's IT environment is that many PCs, smartphones, tablets, etc., as long as you apply for MAC address registration. It is a high degree of freedom that allows you to bring. It can only be said that it provides strong security.

　Working proactively to strengthen security in this way, the hospital has launched a new approach. This is a precaution in the network.

　"Given that several organizations, including public and private companies, have been damaged, it is necessary to constantly strengthen security measures. For example, if measures are taken only for gateways and endpoints, a threat can be entered. If you forgive me, a It may result in "hands down", says Matsumoto.

Nagasaki University Biomedical Sciences Institute Associate Professor of Medical Information Assistant Nagasaki University Hospital Deputy General Manager Gastroenterology Internal Medicine Medical Information Department Medical Support Center (MSC) Director Takehiro Matsumoto

“The use of the Internet is essential for the provision of health services and research activities of doctors. Continuously increasing security is an important task for us. ”

Trend Micro's "Deep Discovery Inspector (DDI)" was introduced, aiming to further strengthen the hospital.

Image of threat detection based on SIEM and firewall at Nagasaki University Institute

DDI visualizes packets within the network and analyzes suspicious URLs and suspicious attachments written in emails to identify signs of attack. Even if it demands a threat, it is a solution to detect communication from the infected device to the C&C server and to detect infection through the internal network and to take quick and appropriate measures.

　"We have evaluated that it is possible to deal with even worse threats, and the hospital will be able to cooperate with the firewall installed on our gateway to further increase its defensive capability," the hospital said. Takatoshi Wada explains.

　Nagasaki University Hospital will continue to increase safety and ensure medical safety. "We plan to update the network in 2020, and we intend to introduce network virtualization technology. If we take advantage of logical control, devices without the necessary measures and patches should be able to take further measures, such as limiting use automatically," says Matsumoto.

　As one of the leading university hospitals in Japan, the hospital's efforts have little impact on the medical industry. In fact, the mechanism developed by the hospital using DDI and the process created by assuming that it will be operated on its own have been announced and attracted great interest in the relevant academic societies. What do you promote and how do you take action? The next direction the hospital will show will also attract a lot of attention.

* This article is a recreation of an article written by Trend Micro.