Richard Humphreys |
This article first appeared in the
Autumn 2017 issue of The Record.
The US-based private healthcare company Mount Sinai is currently using six different mobile apps which allow patients to share data with their clinicians. “We’ve never had technology like this before where patients can easily enter data, but now with mobile phones and apps, we can allow that,” said Doctor Ashish Atreja, chief technology, innovation and engagement officer at Mount Sinai. “All of our apps collect patient data… and then provide the data to physicians.”
Mount Sinai needs to ensure that the data is shared securely, meeting all of the requirements associated with stringent HIPAA regulations. “If we do not protect security and maintain confidentiality of the patient data, then we actually are liable for penalties,” Atreja said.
For Mount Sinai, achieving a sophisticated level of security was no easy feat. “We struggled with our experience of trying to implement a web application firewall with one of our existing vendors in our physical data centres,” said Kenny Liu, IT security and technology specialist at Mount Sinai. “…In the end, we never fully implemented it because of the amount of overhead that was required for it.”
The company looked for an alternative. Based on a strong Microsoft recommendation, Mount Sinai turned to the Barracuda Web Application Firewall, whose solution would enable the health system to protect its web and mobile applications in the cloud.
The Barracuda solution offered significant ease of use compared to the health system’s previous experience. In fact, Mount Sinai was able to quickly get the web application firewall up and running in a matter of hours, starting with simple deployment from the Microsoft Azure Marketplace, followed by Barracuda’s engineering help.
Using the Barracuda Web Application Firewall allowed Mount Sinai staff to see the firewall blocking malicious attacks in the logs. It also enabled staff to secure encrypted traffic. They were comforted knowing that any potential coding weaknesses were not exposed to the internet. They have reported no latency or performance degradation in applications, which allows them to make the firewall mainstream for all their upcoming mobile applications.
According to Liu, the solution does exactly what it is supposed to do as it “defends but doesn’t have an impact on the performance of the apps.”