Medical Network Refresh to Enhance Performance and Security

The Problem

The health system’s previous architecture established the fundamental basis for network segmentation and software-defined networking, but it was insufficient for scaling and securing more complex, modern IT environments. This network refresh presented immense complexities related to maintaining service continuity during the transition, while balancing the differing needs of various stakeholders. Various groups within the health system had distinct requirements, with clinical staff needing reliable access to wireless medical devices, administrative departments requiring secure access to scheduling and HR systems, and facilities teams needing high-performance connectivity for IoT-based building management systems. Even amid a network refresh, our client still needed to maintain 24/7 operations to provide patient care, necessitating a complex hybrid migration strategy.

The BlueAlly Solution

We collaborated closely with the health system’s technological experts and executive leadership to understand its goals in undertaking this expansive network refresh. We then devised a scalable design and hybrid migration strategy to maintain operations during the project deployment phase, enabling its in-house team to successfully build the new network in parallel and then integrate it incrementally with the legacy parts of the overall network. This was accomplished through expert planning and technical consultation with our client to keep the network deployment on course, with our team proving the network design’s efficacy in a lab setting, then assisting the medical system’s team with implementation as needed.

BlueAlly designed a comprehensive software-defined access (SDA) controller platform to simplify network management while enhancing performance and security. We also established a network virtualization strategy to logically isolate disparate networks, allowing multiple virtual networks to run across the same underlay network and thereby strengthening the health system’s scalability and segmentation capabilities. Through our two-pronged segmentation strategy, macrosegmentation provided centralized security by using firewalls to control endpoints communicating between virtual networks. For more in-depth protection, microsegmentation provided distributed security by controlling endpoints communicating within individual virtual networks. This allowed the health system to improve its cybersecurity posture by better controlling vertical and horizontal threat risk, enabling it to fortify its defenses against ransomware and related cyber-attacks that threatened critical operations.

The Results

This project resulted in a repeatable architecture that improved our client’s adaptability and longevity by standardizing network design across its campus systems, enabling scalability for future growth. We also enhanced interoperability by mapping core legacy technologies and endpoints to the health system’s new network architecture. The network refresh bolstered our client’s cybersecurity defenses through macro and microsegmentation, enabling the health system to safeguard sensitive medical data across its systems.

Through SDA and virtualization capabilities, we also greatly simplified network management to enhance overall efficiency and performance. Ultimately, this network refresh helped the health system conquer complexity with a future-proofed architecture based on software-defined networking principles and Zero Trust-aligned segmentation. This project improved the client’s IT infrastructure in support of its primary mission: providing a sustained high quality of lifesaving patient care.