Nuffield Health, the UK’s largest healthcare charity, trusts Palo Alto Networks to protect them and their clients from all types of cyberattack. Every visitor to Nuffield Health’s hospitals, medical facilities, and fitness centres is protected online by an integrated network and internet security portfolio, providing them with fast, rewarding direct-to-app connectivity. By using Palo Alto Networks Cortex XSOAR, Nuffield Health have improved and modernised their cybersecurity management, cutting the time and resources devoted to security by 50%.
Making the UK fitter, healthier, and stronger
Nuffield Health is the UK’s largest healthcare charity. The organisation operates a network of 37 hospitals, 114 fitness and wellbeing centres that incorporate medical centres, and workplace wellbeing facilities.
The company’s innovative connected healthcare offer supports end-to-end patient, member, and customer care. Customers are covered on every step of their personal healthcare journeys – whether they’re in need of the preventative health facilities of Nuffield’s Fitness & Wellbeing Centres, diagnosis or physiotherapy, or an intervention cure at a hospital.
“Nuffield Health exists to build a healthier nation,” says Ed Moss, Head of Enabling IT, Nuffield Health. “No matter where you are on your healthcare and wellbeing journey, as soon as you touch Nuffield Health, we’re there with the support you need.”
The strategy demands modern cybersecurity to protect sensitive healthcare – and other – data, as it moves across and outside the organisation. Nuffield already uses more than 300 Palo Alto Networks ML-Powered Next Generation Firewalls (NGFWs) in their hospitals, clinics, physiotherapy centres, and gymnasiums as part of a modern, connected network security strategy.
Until recently, Nuffield used Silver Peak SD-WAN and Zscaler Internet Access to secure internet traffic. Like the ML-Powered NGFWs, they protect web traffic across the organisation. “If you’re in hospital or visiting our gyms, you connect to our guest Wi-Fi. That’s a significant amount of traffic,” says Ed.
However, as Ed explains, there were concerns regarding internet security visibility, cost, and management. “We didn’t have 100% visibility into events and we couldn’t control SSL decryption. It was also difficult to support conditional access rules. Zscaler was also an expensive platform to run.”
A separate challenge was the time spent dealing with security alerts and devices. For example, whenever a problem occurred on one of the 1,000+ Aruba wireless access points across the Nuffield estate, it triggered a multitude of manual processes to rectify the situation. The team had to identify the unit location and device label, and a local person had to perform and validate a power cycle. If the problem persisted, a ticket was raised so a technician could attend the site. “We were doing approximately 20 checks every day – and it could take days to fix one device,” says Ed.
Risk was another problem: it took time and resources to manage the different security vendors and the complexity associated with each different provider.
Nuffield identified that their modern cybersecurity strategy would be required to:
- Unify network and internet security with a single, best-of-breed partner.
- Ensure every patient, member, and customer received an exceptional user experience.
- Securely connect users to the applications they needed, regardless of location and device type.
- Reduce manual security interventions with intelligent automation and playbooks.
Protecting every user from sophisticated threats
Building on the existing highly successful NGFWs implementation, Nuffield swapped out Zscaler and standardised on Palo Alto Networks Prisma Access. It combines least-privileged access with deep and ongoing security inspection to protect all of Nuffield’s users, devices, apps, and data from sophisticated threats.
“This is about simplification,” says Ed. “We get protection at scale without having to worry about things like sizing and deploying firewalls at each location. Moreover, we have complete, connected visibility across our network and internet security.”
The Palo Alto Networks portfolio also introduces a suite of integrated Cloud-Delivered Security Services for enhanced security. This includes Threat Prevention, URL Filtering, and WildFire. “They give Nuffield consistent prevention without added infrastructure,” he says.
Cortex XSOAR completes the portfolio, automating most routine security tasks. “Cortex XSOAR automates the workflow across the entire security operations process. For example, we now have playbooks for phishing attempts and ‘impossible traveller’ alerts. All the alerts are in one place; we can understand them and respond immediately,” says Ed.
Secure, connected healthcare strategy
The Palo Alto Networks portfolio delivers secure, flexible control; a great user experience; and improved efficiency.
- Enhances patient, member, and customer care: People can connect quickly to reliable Wi-Fi at any Nuffield Health location. Sensitive healthcare data is safeguarded, ensuring healthcare professionals can provide a trusted, agile service experience.
- Drives visibility and reduces risk: Nuffield Health now has “single pane of glass” visibility into internet, network, and security orchestration.
"In five years, Nuffield Health has halved the number of security vendors. There are now less places to look when there’s an incident, everything is integrated, and threat responsiveness is faster and more effective."
– Ed Moss
Head of Enabling IT, Nuffield Health
- Reduces daily security operations tasks by 50%: Nuffield Health has increased operational efficiency by reducing the time devoted to daily security operations tasks. For example, Prisma Access enables the team to automate remediation on the 1,000+ access points and use playbooks (including self-built ones) to automate alert response and maintain SLA adherence.
- Improves stability: The Palo Alto Networks portfolio is highly resilient, with no network outages in the year following deployment. By contrast, the Zscaler platform experienced outages at an average rate of one per quarter, reducing operational productivity. “We would lose access to SaaS platforms like Workday and Salesforce for a couple of hours each time. Not anymore,” says Ed.
- Achieves more with less: According to Ed, “For the equivalent cost of the Zscaler internet security, we have introduced additional Palo Alto Networks firewalls and added Prisma Access – all at no additional cost.” Likewise, Prisma Access Enterprise Edition enables Nuffield Health to capitalise on the full suite of Cloud-Delivered Security Services (CDSS) for an added layer of security.
"Palo Alto Networks is always there for Nuffield Health. In particular, the Customer Success team are incredibly proactive. They understand our ambitions and are consistently suggesting innovative new ways to optimise cybersecurity."
– Ed Moss
Head of Enabling IT, Nuffield Health