Geisinger Finds Cure in Continuous Security Monitoring

As this innovative healthcare provider grew, so did the complexity of the security and management of its networks and devices.

Since 1915, Geisinger has been providing high-quality healthcare services to residents in central and northeastern Pennsylvania and more recently expanding into southern New Jersey. Geisinger prides itself on providing innovative healthcare in virtually every medical specialty. Headquartered in Danville, Pa., Geisinger provides a range of specialized medical, research and hospitality services.

Geisinger is also home to some of the most advanced healthcare technology in the country, including a Level I trauma center, the region's only pediatric trauma center, the renowned Janet Weis Children's Hospital, the state-of-the-art Hospital for Advanced Medicine and clinical research facilities. Managing the IT infrastructure, applications and data that ensure the entire 30,000-employee, physician-led health organization runs as smoothly and effectively as possible is no small task.

As Geisinger grows, so does the potential for vulnerabilities

Today, Geisinger’s enterprise technology comprises several data centers, over 20,000 endpoints and thousands of servers. Its environment is a mix of on-premises and cloud-based systems.

Like an increasing number of healthcare organizations, today Geisinger supports an ever-increasing number of network-connected clinical devices. Until recently, many of these devices were designed and built without much consideration for their security. Fortunately, that’s changing. Regulators are pushing for security to be embedded in the device design of network-connected devices, such as ultrasounds, MRIs, insulin pumps and glucometers. "As the healthcare and medical device manufacturing industries evolve, they are creating challenges in cybersecurity," says Daniel Bennett, cybersecurity manager at Geisinger Health System.

It's no small challenge ensuring the security of these devices along with the traditional IT systems. While traditional vulnerability scanners are very efficient at assessing system status within standard network servers and devices, they can cause availability interruptions and even affect the performance of connected clinical devices.

Building a mature vulnerability management program

Today, Bennett and Nathan Cooper, information security analyst in cyber operations at Geisinger, utilize the Enterprise TruRisk Platform as part of their overall vulnerability management program. The Enterprise TruRisk Platform identifies and provides guidance on how to remedy software vulnerabilities, outdated systems and associated weaknesses that jeopardize compliance with government and industry regulations such as the Health Insurance Portability and Accountability Act and the Payment Card Industry Data Security Standard (PCI DSS). Delivered from a highly scalable multitenant cloud infrastructure, Qualys provides a suite of information security and regulatory compliance management services to over 10,300 customers in more than 130 countries, including a majority of the Forbes Global 100 and Fortune 100.

In fact, Qualys is centrally managed and its vulnerability data and system updates are performed in real time and are simultaneously available to all their customers. This cloud delivery and associated subscription-based service means that Qualys is affordable to organizations of any size that need to secure their systems.

It's been more than eight years since Geisinger selected Qualys for its vulnerability management efforts. According to Bennett, Qualys provides the scale and accuracy that Geisinger needs. "Most vulnerability management systems are not enterprise class. And for an organization of our size, we need an enterprise product. Qualys is one of those services," says Bennett.

In addition to Qualys Vulnerability Management, Geisinger also relies on Qualys PCI Compliance and Qualys Web Application Scanning to manage regulatory mandates to PCI DSS and reduce web application vulnerabilities. "We started with traditional vulnerability management, but we've expanded our use as our organization has grown along with the complexity of the devices, applications and infrastructure, especially on equipment that directly impacts patient care," Cooper says.

"Qualys security services are straightforward and easy for my staff to use – and to teach to new staff members," Bennett explains.

Geisinger’s dynamic environment – new systems and servers constantly coming online – added another challenge. The ability to quickly gather insight on new systems as they came online without disrupting the availability of networked devices was important to the security team. "We wanted to see systems earlier in the life cycle, from a vulnerability threat perspective, and turned to Qualys Cloud Agent," says Cooper.

Toward continuous security monitoring

Qualys Cloud Agent extends the power of the Enterprise TruRisk Platform with lightweight assessment agents that can be installed in any host, including a laptop, desktop, server or virtual machine. Because Qualys Cloud Agent eliminates the need to schedule scan windows or manage credentials for scanning, Qualys Cloud Agent makes it possible to perform vulnerability management and policy compliance assessments in real time, across an entire IT environment. Qualys Cloud Agent is remotely deployable, centrally managed, self-updating and consumes very little CPU resources, less than 2 percent during normal operation. The agent automatically collects vulnerability data and securely transfers it to the Enterprise TruRisk Platform where it is analyzed to identify risks and eliminate vulnerabilities.

Geisinger's security team piloted Qualys Cloud Agent on the servers within its department. "It passed, and there were no discrepancies between the agent and the Qualys VM vulnerability scans," says Cooper. "Now we can have the agent added to our base server image, so that any new server that's built from our virtual template instantly has the agent installed. That means new servers immediately report themselves to the Enterprise TruRisk Platform," Cooper says.

"Right out of the gate we know that a new system is provisioned and in our vulnerability management life cycle," Cooper says. That's precisely how Qualys Cloud Agent, powered by the Enterprise TruRisk Platform, helps Geisinger improve its vulnerability management efforts and achieve the real-time, continuous security both the security team and Geisinger needed."

About Geisinger

Geisinger Health System is an integrated health services organization widely recognized for its innovative use of the electronic health record and the development of innovative care delivery models such as ProvenHealth Navigator® and ProvenCare®. As one of the nation’s largest health service organizations, Geisinger serves more than 3 million residents throughout 45 counties in central, south-central and northeast Pennsylvania, and also in southern New Jersey with the addition of AtlantiCare, a National Malcolm Baldrige Award recipient. The physician-led system is comprised of approximately 30,000 employees, including nearly 1,600 employed physicians, 12 hospital campuses, two research centers and a 510,000-member health plan, all of which leverage an estimated $8.9 billion positive impact on the Pennsylvania economy.