Case Study

Nuffield Health protects network of hospitals, medical facilities, and wellness centres with Palo Alto Networks Prisma Access and Cortex XSOAR

RESULTS

50%

decrease in time and resources devoted to security

0

network outages in the year following deployment

1000+

access points using automated alert response

In brief

Customer

Nuffield Health

Organisation Size

16,000 employees – the largest healthcare charity in the U.K.

Industry

Healthcare

Featured Products and Services

37 hospitals and 114 fitness and wellbeing centres

Location

UK-wide

Challenges

Nuffield was reliant on a fragmented, complex internet security platform. Everyday security tasks required manual intervention, absorbing resources and preventing the security team from focusing on value-add tasks.

Requirements

    • Ensure every patient, member, and customer receives exceptional experience.
    • Securely connect users to the applications they need, regardless of location or device.
    • Provide unified network and internet security in one best-of-breed partner.
    • Reduce manual security interventions with intelligent automation.

Solution

Palo Alto Networks ML-Powered Next Generation Firewalls, Cloud-Delivered Security Services (Threat Prevention, URL Filtering, WildFire), Prisma Access, and Cortex XSOAR.
Introduction

Nuffield Health, the UK’s largest healthcare charity, trusts Palo Alto Networks to protect them and their clients from all types of cyberattack. Every visitor to Nuffield Health’s hospitals, medical facilities, and fitness centres is protected online by an integrated network and internet security portfolio, providing them with fast, rewarding direct-to-app connectivity. By using Palo Alto Networks Cortex XSOAR, Nuffield Health have improved and modernised their cybersecurity management, cutting the time and resources devoted to security by 50%.

CHALLENGES

Making the UK fitter, healthier, and stronger

Nuffield Health is the UK’s largest healthcare charity. The organisation operates a network of 37 hospitals, 114 fitness and wellbeing centres that incorporate medical centres, and workplace wellbeing facilities.

The company’s innovative connected healthcare offer supports end-to-end patient, member, and customer care. Customers are covered on every step of their personal healthcare journeys – whether they’re in need of the preventative health facilities of Nuffield’s Fitness & Wellbeing Centres, diagnosis or physiotherapy, or an intervention cure at a hospital.

“Nuffield Health exists to build a healthier nation,” says Ed Moss, Head of Enabling IT, Nuffield Health. “No matter where you are on your healthcare and wellbeing journey, as soon as you touch Nuffield Health, we’re there with the support you need.”

The strategy demands modern cybersecurity to protect sensitive healthcare – and other – data, as it moves across and outside the organisation. Nuffield already uses more than 300 Palo Alto Networks ML-Powered Next Generation Firewalls (NGFWs) in their hospitals, clinics, physiotherapy centres, and gymnasiums as part of a modern, connected network security strategy.

Until recently, Nuffield used Silver Peak SD-WAN and Zscaler Internet Access to secure internet traffic. Like the ML-Powered NGFWs, they protect web traffic across the organisation. “If you’re in hospital or visiting our gyms, you connect to our guest Wi-Fi. That’s a significant amount of traffic,” says Ed.

However, as Ed explains, there were concerns regarding internet security visibility, cost, and management. “We didn’t have 100% visibility into events and we couldn’t control SSL decryption. It was also difficult to support conditional access rules. Zscaler was also an expensive platform to run.”

A separate challenge was the time spent dealing with security alerts and devices. For example, whenever a problem occurred on one of the 1,000+ Aruba wireless access points across the Nuffield estate it would trigger a multitude of manual processes to rectify the situation. The team had to identify the unit location and device label, and a local person had to perform and validate a power cycle. And if the problem persisted, a ticket was raised so a technician could attend the site. “We were doing approximately 20 checks every day – and it could take days to fix one device,” says Ed.

Risk was another problem: it took time and resources to manage the different security vendors and the complexity associated with each different provider.

"If you’re in hospital or visiting our gyms, you connect to our guest Wi-Fi. That’s a significant amount of traffic. We didn’t have 100% visibility into events. And we couldn’t control SSL decryption."

– Ed Moss

Head of Enabling IT, Nuffield Health

REQUIREMENTS

Nuffield identified their modern cybersecurity strategy would be required to:

  • Unify network and internet security with a single, best-of-breed partner.
  • Ensure every patient, member, and customer received an exceptional user experience.
  • Securely connect users to the applications they needed, regardless of location and device type.
  • Reduce manual security interventions with intelligent automation and playbooks.
SOLUTION

Protecting every user from sophisticated threats

Building on the existing highly successful NGFWs implementation, Nuffield swapped out Zscaler and standardised on Palo Alto Networks Prisma Access. It combines least-privileged access with deep and ongoing security inspection to protect all of Nuffield’s users, devices, apps, and data from sophisticated threats.

“This is about simplification,” says Ed. “We get protection at scale without having to worry about things like sizing and deploying firewalls at each location. Moreover, we have complete, connected visibility across our network and internet security.”

The Palo Alto Networks portfolio also introduces a suite of integrated Cloud-Delivered Security Services for enhanced security. This includes Threat Prevention, URL Filtering, and WildFire. “They give Nuffield consistent prevention without added infrastructure,” he says.

Cortex XSOAR completes the portfolio, automating most routine security tasks. “Cortex XSOAR automates the workflow across the entire security operations process. For example, we now have playbooks for phishing attempts and ‘impossible traveller’ alerts. All the alerts are in one place; we can understand them and respond immediately,” says Ed.

"This is about simplification. We get protection at scale without having to worry about things like sizing and deploying firewalls at each location."

– Ed Moss

Head of Enabling IT, Nuffield Health

BENEFITS

Secure, connected healthcare strategy

The Palo Alto Networks portfolio delivers secure, flexible control; a great user experience; and improved efficiency.

  • Enhances patient, member, and customer care: People can connect quickly to reliable Wi-Fi at any Nuffield Health location. Sensitive healthcare data is safeguarded, ensuring healthcare professionals can provide a trusted, agile service experience.
  • Drives visibility and reduces risk: Nuffield Health now has “single pane of glass” visibility into internet, network, and security orchestration.

"In five years, Nuffield Health has halved the number of security vendors. There are now less places to look when there’s an incident, everything is integrated, and threat responsiveness is faster and more effective."

– Ed Moss

Head of Enabling IT, Nuffield Health

  • Reduces daily security operations tasks by 50%: Nuffield Health has increased operational efficiency by reducing the time devoted to daily security operations tasks. For example, Prisma Access enables the team to automate remediation on the 1,000+ access points and use playbooks (including self-built ones) to automate alert response and maintain SLA adherence.
  • Improves stability: The Palo Alto Networks portfolio is highly resilient, with no network outages in the year following deployment. By contrast, the Zscaler platform experienced outages at an average rate of one per quarter, reducing operational productivity. “We would lose access to SaaS platforms like Workday and Salesforce for a couple of hours each time. Not anymore,” says Ed.
  • Achieves more with less: According to Ed, “For the equivalent cost of the Zscaler internet security, we have introduced additional Palo Alto Networks firewalls and added Prisma Access – all at no additional cost.” Likewise, Prisma Access Enterprise Edition enables Nuffield Health to capitalise on the full suite of CDSS for an added layer of security.

"Palo Alto Networks is always there for Nuffield Health. In particular, the Customer Success team are incredibly proactive. They understand our ambitions and are consistently suggesting innovative new ways to optimise cybersecurity."

– Ed Moss

Head of Enabling IT, Nuffield Health

Learn more about Palo Alto Networks on the website where you can also read many more customer stories.