Business & Technology
A major pediatric hospital in the Northeastern United States is accustomed to leading the way. The hospital’s research arm is world-class, and that spirit of innovation reaches into patient care, as well. The hospital was ahead of the curve in enabling physicians to work from home—an advancement that seems prescient in the wake of the COVID-19 pandemic.
In early 2019, the hospital decided to enable radiologists to view X-rays and MRIs from home offices throughout the Northeast. Administrators expect the hospital to continue to grow, and they saw a telework policy as a way to reduce space pressures in the physical facility. In addition, eliminating physicians’ commute by allowing them to work remotely could enhance their job satisfaction, especially in inclement winter weather.
The purpose of the telework strategy was clear, but the technology requirements were a bit complex. The images that radiologists need to review are large files. Adequate throughput is crucial in making remote connectivity work for these clinicians. So is security. After all, each file the hospital’s radiologists view contains a child’s health information. Effective security is necessary, both to meet Health Insurance Portability and Accountability Act (HIPAA) compliance requirements and to protect young patients.
The hospital began its search for a remote network access solution that would include a networking device deployed to each participating radiologist’s home office. The device would not only need to provide enterprise-grade security, but it would also need to integrate with a third-party authentication system that the hospital already had in place, to prevent network access by any personal devices in the household.
IT staff considered several solutions. Most either had usability problems or required deployment of a firewall in addition to the network connectivity device. To successfully enable widespread remote access, the hospital needed the virtual private network (VPN) solution to be as simple and easy-to-use as possible.
What the hospital wanted was a single solution with an intuitive user interface that combined high-performance network connectivity and best-of-breed security. It found what it was looking for in FortiGate next-generation firewalls (NGFWs).
Recognizing that radiologists’ medical skills are not always accompanied by networking expertise, the hospital decided to provide each doctor who needs remote access with a FortiWiFi device. The FortiWiFi is a FortiGate NGFW that is about the size of a paperback book. Its antennas provide Wi-Fi access to authorized devices.
A physician can take her FortiWiFi device home, unbox it, plug one wire into the household’s internet connection, plug another wire into her laptop, and then step away. The FortiWiFi device will connect to the hospital’s FortiCloud solution, which will connect to FortiManager to give the FortiWiFi device access to the hospital network. Then, the hospital’s IT team can use FortiDeploy to remotely configure the NGFW.
After 20 minutes or so, the FortiWiFi NGFW will be ready to connect to the hospital network via a secure IPsec VPN tunnel. Authorized devices will be able to connect to the VPN using either wired or wireless connections. To verify the user’s identity, the solution employs two-factor authentication. The two factors are 802.1x authentication, performed through the hospital’s existing third-party identity access management platform, and the FortiWifi device’s captive portal credentials.
This solution’s VPN connections meet the high performance expectations of radiologists viewing large image files. Where the physician’s internet access is a broadband cable connection, throughput for the FortiWiFi is typically around 250 megabits per second (Mbps). Hospital-issued Voice-over-IP (VoIP) phones can also connect to the FortiWiFi device, if the doctor requires phone connectivity at home.
Some of the pediatric hospital’s radiologists were already using the FortiWiFi solution on occasion by late 2019. When COVID-19 made home offices the recommended workplace whenever possible, the hospital needed to scale up to support as many as 100 radiologists simultaneously. The IT team deployed a pair of new FortiGate NGFWs in the hospital data center, in an active/passive high-availability (HA) configuration. The high performance of the firewalls eliminates the potential for bottlenecks, even with 100 simultaneous VPN connections. Furthermore, the HA approach means that if one of the firewalls experiences an issue or a power failure, the other will continue to enable connectivity for the radiologists.
COVID-19 also motivated the hospital to migrate the solution’s management to the FortiCloud application. This enables IT staff to seamlessly monitor, troubleshoot, and manage the remote-connectivity infrastructure when they, too, are working remotely.
Although the hospital is currently grappling with many of the same issues as its peers across the country, the fact that its radiology department had already established telework capabilities gave it a leg up when COVID-19 hit. It did not have to scramble to develop high-performance remote connectivity, nor did it have to worry that security might be half-baked in a rapidly deployed solution.
Now, the hospital’s physicians have an easy-to-use means of working from the safety of their home, and IT staff have streamlined management of networking devices distributed throughout the Northeast. Even after the COVID-19 crisis subsides—whenever that may be—the productivity and business resiliency benefits enabled by the Fortinet solution will secure this hospital’s continued position as a leader in technology innovation.
Discover how Fortinet Teleworker Solutions enable secure remote access at scale to support employees with a wide array of access requirements.
Learn more about enabling the latest advances in patient care while protecting against cyberattacks with Fortinet healthcare cybersecurity solutions.
Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.