Radiology Group Connects to Thousands of Hospitals, Securely andVirtually

Cisco Borderless Networks

vRad Case Study

Executive Summary
Customer Name: Virtual Radiologic Industry: Healthcare Location: Eden Prairie, MN, UnitedStates Number of Employees: 475 Business Challenge: Securely connect hundreds of remotephysicians Comply with stringent regulatory requirements Rapidly identify potential securitythreats Network Solution: Deployed Cisco security solutions and LogLogic Security Event and Information Management (SIEM) System Business Results: Annually support 7 million+ secure remote radiology studies Easily comply with auditing and reporting requirements Simplified management of thousands of VPN connections

Virtual Radiologic uses Cisco solutions to secure electronic patient information transmitted between hospitals and remoteradiologists.
Business Challenge
The largest radiology practice in the United States is not on a hospital campus. It is, in part, in the private home-based offices of hundreds of Virtual Radiologic (vRad) physicians, who provide teleradiology services to hospitals across the UnitedStates. Traditionally, most hospitals have used a centralized model, with doctors working onsite or out of a nearby office, says Patrick Williamson, security engineer, vRad. Instead we offer hospitals the ability to work with our radiologists over the Internet. The hospital sends us the images for a patients study, and the vRad physician reviews them and sends the findings back. For vRads hospital customers, this innovative use of telemedicine services augments the onsite services of local radiologists with the services of specialtytrained radiologists available to provide interpretations at any hour. For patients, the vRad model speeds turnaround times for study results and provides access to a larger network of subspecialists (for example, specialists in musculoskeletal radiology or neuroradiology) than they might have access to locally. As a web-based service, however, the vRad model also presents unique challenges. The most significant challenge is helping ensure the security of communications between radiologists and hospitals. vRad must contend with stringent regulatory requirements, including regulations issued to enforce the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), which mandate strict information security and auditing requirements.

2011 Cisco and/or its affiliates. All rights reserved.

The Cisco and LogLogic solution gives me instant access to all of our logs at any time, from all of ourequipment. Its extremely valuable.
Patrick Williamson, Security Engineer, Virtual Radiologic

Our primary concern is patient care while maintaining the confidentiality of patient information and complying with HIPAA and HITECH, says Williamson. The data traversing our network must be secure, without exception. Meeting these demands requires strong network defenses and up-to-the-minute security intelligence across vRads entire network, including two major data centers and thousands of virtual private network (VPN) connections between radiologists and hospitals. The scale of these challenges recently increased when vRad acquired the largest teleradiology company in the United States, Nighthawk Radiology. vRad is now in the process of integrating the Nighthawk infrastructure into its own environment.

Network Solution
vRad has long relied on an end-to-end Cisco network, including Cisco routing, switching, security, 802.11n wireless, and data center solutions. The infrastructure helps vRad create a borderless network, delivering vital patient data to the right people, at the right time, on demand, anywhere in the country, securely andtransparently. Working with the leader in network technology provides many benefits, especially in terms of interoperability across our infrastructure, says Williamson. We can easily transport traffic across multiple VPN environments and maintain a highly secureenvironment. A Robust Nationwide Network vRad uses a variety of components of the Cisco SecureX Architecture to manage nationwide VPN communications. More than 2000 hospitals upload patient images to vRad using site-to-site IPSec VPN tunnels, terminating at Cisco 7200 Series routers and Cisco ASA 5550 Series platforms in the primary vRad data center. vRad then pushes out the images to remote radiologists over SSL-based VPN connections. The radiologists review the images and send their reports back to the hospital. If they need to speak with other physicians at the hospital, the home-based radiologists use the Cisco IP Communicator softphone application, using the Cisco AnyConnect VPN client to maintain secure connections. We love the debugging and troubleshooting capabilities of the Cisco VPN solutions, says Williamson. Seconds count when youre dealing with patient care, and we can diagnose problems and bring up new tunnels in minutes. The Nighthawk infrastructure, which vRad is now integrating, is also a Cisco environment, based on Cisco ASA platforms. The all-Cisco infrastructure simplifies the integration and allows vRad to continue serving customers without a problem. We are deploying additional Cisco ASA 5550s in our primary data center and transitioning services from the Nighthawk platforms, says Williamson. We can take the configuration from one data center and deploy it here, and the solutions justwork. vRad also uses the clientless SSL VPN capabilities on the Cisco ASA platforms to allow vendors to securely access limited segments of the vRad network.

2011 Cisco and/or its affiliates. All rights reserved.

Guarding Against Threats To patrol the environment and comply with regulatory requirements, vRad recently upgraded to the Cisco ASA 5585-X platform as its primary corporate firewall. With our recent acquisition, there has been a huge surge in need for bandwidth, says Williamson. The Cisco ASA 5585-X provides a major throughput and performance boost that prepares us for spikes in study volume. vRad also uses Cisco intrusion prevention system (IPS) solutions, including IPS modules integrated in the companys core Cisco Catalyst switches and in Cisco ASA platforms at several corporate locations. The solutions identify any suspicious traffic that could represent an attack. For an additional layer of content security, vRad uses Cisco IronPort Email Security appliances. The solutions provide best-in-class spam protection and robust malware defense capabilities to minimize downtime and lost productivity from email threats. Integrated Security Intelligence To continually monitor the network, vRad uses a LogLogic Security Information and Event Management (SIEM) solution. The LogLogic product communicates with the Cisco devices in the network, helping vRad to correlate and manage security events and meet regulatory compliance and reporting requirements. Cisco works with third-party vendors to deliver integrated security management solutions that complement their Cisco security devices. And, because LogLogic is a Cisco technology partner, the solution is designed and validated to integrate easily into the Cisco environment. The LogLogic solution receives logs from all our Cisco equipment, says Williamson. Routers, switches, firewalls: everything is centrally logged, parsed, and indexed. It makes it very easy to see everything happening in our environment.

Business Results
Today, vRads Cisco borderless network provides the ideal solution for a business that depends so much on secure network communications. The Cisco security products provide robust security, high performance, and simplified management, even as vRad ramps up the scale of its business. We have been very impressed with the Cisco ASA platforms, particularly the new ASA 5585-X Firewall, says Williamson. The 64-bit capability, the increased memory, and the much higher throughput provide ample performance and protection for our entire environment. We are not concerned about needing to upgrade for quite sometime. The Cisco VPN solutions also provide a secure, high-performance foundation to support the seven million radiology studies performed by vRad radiologists each year. The Cisco AnyConnect client is an extremely robust and easy-to-manage VPN solution, says Williamson. The lightweight client is so much easier to use than a traditional IPSec connection. If we ever need to push out an update, we just put it on the Cisco ASA devices, and users automatically download the newest software when they connect. It also adds resiliency. If a VPN device ever goes down, our physicians using AnyConnect would not even notice.

2011 Cisco and/or its affiliates. All rights reserved.

Product List
Routing and Switching Cisco Catalyst 6500 Series Cisco 7200 Series Router Cisco 7200VXR NPE-G2 Network Processing Engine Cisco 2800 Series Routers Cisco 2900 Series Routers Cisco Catalyst 3750 Series Switch Cisco Catalyst 3560 Series Switch Security and VPN Cisco ASA 5585-X Adaptive Security Appliance Cisco ASA 5550 Series Adaptive Security Appliance Cisco ASA 5505 Adaptive Security Appliance Cisco Intrusion Detection System Services Module (IDSM-2) for Cisco Catalyst 6500 Cisco ASA 5500 Series IPS Edition Cisco IronPort Email Security Appliance

The most important benefit of the Cisco solution, however, is that it provides vRad with all of the visibility and control that the company needs to protect confidential patient data. The biggest benefit we see is real-time notifications when something in our network goes awry, says Williamson. We have many customized alerts integrated with LogLogic and our Cisco IPS solutions. Thus we can troubleshoot a situation within seconds. Williamson believes that the tight integration between the Cisco and LogLogic solutions plays a central role in delivering that visibility. There are so many important logs you need to track to properly manage your Cisco environment, especially when youre trying to increase the level of visibility in your network, says Williamson. The Cisco and LogLogic solution gives me instant access to all of our logs at any time, from all of our equipment. Its extremely valuable. The integrated Cisco and LogLogic solution also streamlines regulatory compliance and auditing requirements, and makes the vRad IT teams job substantially easier. With the LogLogic HIPAA compliance package integrated with all our Cisco logs, I have everything I need for a HIPAA audit ready to go, says Williamson. Without these tools, it would be nearly impossible to successfully deliver all of the reporting the auditors want.

Data Center Cisco Unified Computing System (UCS) Cisco Nexus 5000 Cisco Nexus 2000 Cisco MDS 9500 Series Multilayer Directors Wireless Cisco Aironet 1250 Series Wireless Access Points Cisco 4400 Series Wireless Controllers Cisco Wireless Control System (WCS) Unified Communications Cisco Unified Communications Manager Cisco Unified Wireless IP Phone 7925G Cisco Unified Contact Center

Next Steps
In the coming months, vRad plans to rely on the Cisco VPN solutions even more as the company fully integrates Nighthawk Radiology into its corporate environment. As part of that integration, the company is upgrading the data center, deploying Cisco Nexus family switches and the Cisco Unified Computing System. With a highperformance, virtualized data center environment, vRad will be able to support many more physicians, VPN connections, and customers, even as the company continues to deliver excellent quality and security.

For More Information

To find out more about Cisco Borderless Networks, visit: www.cisco.com/go/borderless. To learn more about Cisco SecureX, visit: www.cisco.com/go/security. For more details on Cisco solutions for healthcare organizations, visit www.cisco.com/go/healthcare. For more information about Virtual Radiologic, visit: www.virtualrad.com.

Americas Headquarters Cisco Systems, Inc. San Jose, CA

Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore

Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Ciscos trademarks can be found at www.cisco. com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) C36-677449-00 6/11