Sumitomo Besshi Hospital
NetAttest supports the hospital’s network where security is required. Easy operation of a secure network with terminal authentication and DHCP in conjunction with SDN.
TOPIC | INTRODUCTION RESULTS
1. Desire to reduce the operational burden of the five isolated networks | The SDN (Software Defined Network) integrates the multiple hospital networks into one
2. Desire to improve the security of a network that deals with important data | MAC address authentication eliminates unauthorized terminals of various devices, including medical devices
3. Desire to make the IP address management of diversified terminals easier | Introduce DHCP appliances to reduce IP address management effort
SUMITOMO BESSHI HOSPITAL
Sumitomo Besshi Hospital was established for the workers of Sumitomo Metal Mining Co., Ltd. and their families. It moved to the current location in 1966 and started taking general social insurance. It supports the health of local people as the largest hospital in the Toyo District of Ehime prefecture. A partnership with patients is important, with thorough informed consent, disclosure of medical information, and conducting health management courses, etc.
Headquarters Location: 3-1 Ojicho, Niihama-shi, Ehime-ken Japan https://www.sbh.gr.jp/
CASE STUDY | Introduction Case | Sumitomo Besshi Hospital
SUMITOMO BESSHI HOSPITAL USAGE IMAGE ILLUSTRATION
THE HOSPITAL INTERNAL NETWORK WAS REVISED WHEN THE NEW HOSPITAL WAS BUILT
Sumitomo Besshi Hospital, which was opened in 1883, was the oldest hospital in Ehime prefecture. It has the largest scale in the Toyo District of Ehime prefecture, has been designated as a hospital for regional cancer treatment, and also plays a role as a core hospital in the region. The number of beds is 360, the number of outpatients per day is about 800, and the number of inpatients is also about 260 people per day. There are about 600 employees who care for the patients. About 600 staff in the hospital need to be closely connected in order to respond quickly to the number of patients who visit daily, so the systemization of IT was promoted early on. In 2003, we introduced an ordering system that communicates the instructions of physicians, nurses and departments through computers. After that, an electronic medical record system was introduced in 2009. Communication that includes medical record information became possible.
Sumitomo Besshi Hospital General Support Department Information Management Center, Information Systems Office and Medical Information Management Office Chief
Mr. Atsushi Norimatsu
[Figure: internal infrastructure before and after reconstruction. Before: a complex network with separate wiring for the core network (electronic medical record information), the open system network (wireless LAN for visitors), the security system network (monitor camera), the voice system network and the information systems network, reaching the wards, examination rooms, nurse stations and hospital rooms. After: the same five networks carried over SDN.]
With the conventional hospital infrastructure, physical wiring is laid out for each network, divided between the core system, the information system, the voice system, the open system, and the security system according to the information handled, which places a large load on operation management. All of the wiring was aggregated with SDN in the newly constructed hospital infrastructure with the renovation of the facility, and the software was able to be configured flexibly. In addition, strengthening security and the operational side was considered: with NetAttest EPS functioning for terminal authentication and NetAttest D3 as the DHCP server, the infrastructure is designed to be safe, easy to use, and easy to maintain. NetAttest EPS is installed in each redundant configuration for the core system, information system, and voice system. NetAttest D3 is installed in the same redundant configuration for the information system, voice system, and open system.
The idea of rebuilding this hospital was
raised six years ago, around 2012. Fifty
years have passed since we moved to
our current location and the building
itself was out of date and the hospital
facilities needed replacement.
“The hospital’s network at that time
had become more complicated with
a spate of renovations, and it was
hard to respond when there were
problems. For this reason, I wanted to
build a simple network that was easy
to maintain and that was able to cope
with the increase in renovations.”
Mr. Atsushi Norimatsu, Chief of the Information Systems Office and Medical Information Management Office at the Information Management Centre of Sumitomo Besshi Hospital, who was in charge of the general information systems in the hospital, looked back on the time when he drew up the plan of the hospital network for the construction of the new hospital.
Three points were established when
rebuilding the network in the new
hospital. (1) New construction of the
hospital network, (2) Migration and
update of 40 types of systems used
for electronic medical records and
departments, and (3) Improved patient
amenities.
What was especially concerning was the newly configured network inside the hospital. It was necessary to pay the utmost attention to the handling of information because of the characteristics of the hospital, and the old hospital was divided into five networks because of differences in system and data handling. These were the “Core system,” which handles personal information such as electronic medical records, the “Information system,” for exchanging information among staff members, the “Voice system” for a nurse call or staff PHS, the “Open system” for patients to connect to the Internet in the hospital, and the “Security system” that deals with surveillance cameras and electronic locks.
Soliton Systems Europe N.V. Jachthavenweg 109-A, 1081 KM Amsterdam, The Netherlands | +31 (0)20 280 6060 | [email protected] | www.solitonsystems.com
2020 © All information herein was carefully gathered and examined, however, Soliton Systems cannot be held responsible for mistakes or incompleteness of content. Soliton Systems may change or modify parts at any time without notification and accepts no liability for the consequences of activities undertaken based on the contents.
A SECURE AND SIMPLE SOLUTION FOR SDN AND TERMINAL AUTHENTICATION
The maintenance of the physical wiring was one of the problems of having the network divided into five. Improvements to the building were required due to the policies that the country announced based on the characteristics of a hospital. With traditional networks, large-scale wire laying construction is sometimes required, the wiring becomes cumbersome and maintenance can be expensive. Therefore, we thought to integrate the separate physical networks in the new construction of the hospital network and manage this with an SDN (Software-Defined Network). With SDN, you can combine things into one physical wiring and then logically divide it into multiple networks by application, making a simple configuration possible. In addition, a mechanism that ensures security was necessary for dealing with patients’ personal information.
“I was looking for a product that could
control the devices that connect to the
network. NetAttest EPS and NetAttest
D3 were the only ones that I found with
members with advanced installation.
It was also conclusive that the stability
of the Soliton Systems product and the
support system were substantial, not to
mention the functionality that satisfied
all the requirements.” (Mr. Norimatsu)
In the SDN environment introduced
at the new hospital, each network is
logically independent and there is a
mechanism so they do not influence
each other. Therefore, the gateway
policy is important. The network
authentication appliance “NetAttest
EPS” was configured to perform the
authentication for the core network,
information, and voice systems that
handle important data, and where
especially strong security is necessary.
In the hospital, in addition to devices
such as PCs, smart phones, and tablets,
various terminals such as medical
devices are also connected.
There is an authentication mechanism
based on MAC address information
that can be used as a common key for
these devices.
Mr. Norimatsu said the following about
the effect of “NetAttest EPS.”
“It was essential for security to be able
to prevent equipment from connecting
to the network other than those
approved by the system personnel.
With NetAttest EPS, you can perform
MAC address authentication with a
simple operation and can prevent
access by unauthorized devices.”
THE DHCP SERVER CAN BE CONFIGURED TO SUPPORT A WIDE VARIETY OF DEVICES
In addition to the terminals distributed at the hospital, the terminals that connect to the hospital network include PCs that the patients and physicians bring into the hospital. Based on the diversity of terminals, we thought that an IP address distribution system was also necessary and introduced the dedicated appliance “NetAttest D3” as a DHCP server. This makes it easy to connect to the LAN and the Internet by simply connecting the terminals used in the hospital to the network.
“Some doctors bring private PCs to the
hospital to create materials to present
at conferences. Nowadays, it’s not
uncommon to use the Internet to get
the latest information. In the past, there
was only a limited Wi-Fi environment,
and the only way to use the Internet
was for the physician or an individual
patient to contract a data line service.
Thanks to the introduction of NetAttest
EPS, NetAttest D3 and SDN, not only
was operational load reduced, but I
think it created a secure environment
for the doctors and patients to use,”
said Mr. Norimatsu.
Through the development of network infrastructure, system migration and renovation, and the improvement of amenities for patients, the facility has been attracting attention in the prefecture as a “leading ICT-related medical facility.” Mr. Norimatsu said the hospital is looking at building a regional cooperation system that connects hospitals and clinics in the prefecture with VPNs. Having realized the high quality of the product through this installation, Mr. Norimatsu says he is also thinking of using Soliton Systems products in that plan.