Nuffield Health is the UK’s largest healthcare charity. The organisation operates a network of 37 hospitals, 114 fitness and wellbeing centres that incorporate medical centres, and workplace wellbeing facilities.
The company’s innovative connected healthcare offer supports end-to-end patient, member, and customer care. Customers are covered on every step of their personal healthcare journeys – whether they’re in need of the preventative health facilities of Nuffield’s Fitness & Wellbeing Centres, diagnosis or physiotherapy, or an intervention cure at a hospital.
“Nuffield Health exists to build a healthier nation,” says Ed Moss, Head of Enabling IT, Nuffield Health. “No matter where you are on your healthcare and wellbeing journey, as soon as you touch Nuffield Health, we’re there with the support you need.”
The strategy demands modern cybersecurity to protect sensitive healthcare – and other – data, as it moves across and outside the organisation. Nuffield already uses more than 300 Palo Alto Networks ML-Powered Next Generation Firewalls (NGFWs) in their hospitals, clinics, physiotherapy centres, and gymnasiums as part of a modern, connected network security strategy.
Until recently, Nuffield used Silver Peak SD-WAN and Zscaler Internet Access to secure internet traffic. Like the ML-Powered NGFWs, they protect web traffic across the organisation. “If you’re in hospital or visiting our gyms, you connect to our guest Wi-Fi. That’s a significant amount of traffic,” says Ed.
However, as Ed explains, there were concerns regarding internet security visibility, cost, and management. “We didn’t have 100% visibility into events and we couldn’t control SSL decryption. It was also difficult to support conditional access rules. Zscaler was also an expensive platform to run.”
A separate challenge was the time spent dealing with security alerts and devices. For example, whenever a problem occurred on one of the 1,000+ Aruba wireless access points across the Nuffield estate it would trigger a multitude of manual processes to rectify the situation. The team had to identify the unit location and device label, and a local person had to perform and validate a power cycle. And if the problem persisted, a ticket was raised so a technician could attend the site. “We were doing approximately 20 checks every day – and it could take days to fix one device,” says Ed.
Risk was another problem: it took time and resources to manage the different security vendors and the complexity associated with each different provider.
Nuffield identified their modern cybersecurity strategy would be required to:
Building on the existing highly successful NGFWs implementation, Nuffield swapped out Zscaler and standardised on Palo Alto Networks Prisma Access. It combines least-privileged access with deep and ongoing security inspection to protect all of Nuffield’s users, devices, apps, and data from sophisticated threats.
“This is about simplification,” says Ed. “We get protection at scale without having to worry about things like sizing and deploying firewalls at each location. Moreover, we have complete, connected visibility across our network and internet security.”
The Palo Alto Networks portfolio also introduces a suite of integrated Cloud-Delivered Security Services for enhanced security. This includes Threat Prevention, URL Filtering, and WildFire. “They give Nuffield consistent prevention without added infrastructure,” he says.
Cortex XSOAR completes the portfolio, automating most routine security tasks. “Cortex XSOAR automates the workflow across the entire security operations process. For example, we now have playbooks for phishing attempts and ‘impossible traveller’ alerts. All the alerts are in one place; we can understand them and respond immediately,” says Ed.
The Palo Alto Networks portfolio delivers secure, flexible control; a great user experience; and improved efficiency.