Across six major hospitals, the 10,000 email users of Hamilton Health Sciences account for a considerable message volume. Most of it is unwanted. The staff of this leading health system in Hamilton, Ontario has extraordinary medical expertise, but many are far less sophisticated when it comes to safe email practices. The IT team needed an email security system that could accurately block a high volume of spam messages, reduce the risk of patient-data leakage and offer straightforward, practical management. They found the ideal solution in an Extensible Content Security (XCS) system from WatchGuard.
Approximately 850,000 email messages a day arrive at the edge of the Hamilton Health Sciences network, the overwhelming majority from mass spammers. The existing Symantec solution was struggling under the load. "The problem was instability," explains Sandy Williams, Senior Systems Administrator. "The database couldn't keep up with the mail that we were getting. We would get calls all the time at the help desk about emails not coming in. We had to reboot the boxes every couple of days, and run defrags on the database quite often. There was a lot of maintenance that went into it."
WatchGuard learned about the problem, and suggested that the next-generation WatchGuard ReputationAuthority reputation service could help by blocking much of the spam before it entered the content filters, acting as a powerful first line of defense. Hamilton Health Sciences' IT department first tested the WatchGuard solution as a front-end to the existing system. Once the XCS evaluation unit was deployed and accepting email, the Hamilton Health Sciences IT team responsible for the demo broke for lunch. When the team came back an hour later and reviewed the email processing statistics, the spam volume reaching the server had dropped from saturation to near-zero.
The WatchGuard XCS appliance replicated much of the older system's filtering, making the latter system redundant. The team swapped out the older system for a pair of WatchGuard XCS systems (known as BSP800 systems at the time, roughly performance-equivalent to current XCS 970 models). The two are configured as a failover pair, processing bi-directional email traffic for all six main hospitals, a major cancer center, and multiple clinical sites. Running WatchGuard ReputationAuthority, inbound and outbound content filtering and email antivirus, the solution protects against spam messages besieging users, malware penetrating the network, and confidential patient data leaving in outbound emails.
The WatchGuard ReputationAuthority identifies emails from known spam sources, and rejects the connections from those sources outright at the perimeter. More than 95 percent of emails arriving at Hamilton Health Sciences are rejected based on unknown recipient addresses alone. Only one message in twenty needs to be passed on for filtering. ReputationAuthority also adds an extra layer of defense-in-depth, so that most messages crafted to evade content-based detection are instead blocked preemptively.
The impact is a huge performance improvement in overall email throughput, a much lighter load on the Exchange Servers and delivery infrastructure, and fewer malicious and unwanted messages reaching the end users.
The WatchGuard XCS units also allow much finer control over content-based detection, which flags an additional one percent of incoming emails as spam. "I can go in and configure things in more detail now, and simply fine tune," declares Williams. The content filters can combine keywords and phrases, and can match on regular expressions for various kinds of wildcard matching.
The content filters augment the antivirus detection as well, because Williams has established policies that block executable files based on extension. These messages are quarantined for evaluation by an administrator, who can either delete the message or pass it on to the recipient. With this extra protection in place, some messages that have questionable attributes or do not conform to an RFC standard have been blocked and quarantined. Review of these quarantined messages found that they also harbored malicious zero-day threats.
As a healthcare provider, Hamilton Health Sciences is bound by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), which mandates the assurance of privacy for electronic patient data. "We have a written policy against patient information being sent out to external email addresses," explains Williams. "But that doesn't necessarily stop users from trying. I have filters, like date of birth, to catch those emails. We're quarantining those messages, and sending a notice out to administrators."
Like the inbound rules, the outbound rules allow combinations of phrases to be detected, including pattern-matching for variable information such as health card numbers. Policies can be set up by individual, user group, or the entire domain.
Williams isn't just a full-time email administrator, of course. She is also responsible for multiple elements of the IT infrastructure. Having a reliable system that doesn't need babysitting and is easy to manage makes everything easier. As she says, "The system is extremely reliable. Basically I just go into the quarantine once a week to see if there's anything leftover that shouldn't be in there. Our email security is one less thing I have to think about."
Hamilton Health Sciences is a family of six unique hospitals and a cancer centre, serving more than 2.3 million residents of Hamilton and Central South and Central West Ontario. Hamilton Health Sciences is the second largest hospital in the province and the regional centre for burns, trauma, cardiac, stroke, neurosurgery, pediatrics, digestive diseases, high-risk obstetrics, cancer, orthopedics, and rehabilitation services. As an academic teaching hospital with more than 1,000 beds and an affiliation with McMaster University's Faculty of Health Sciences, Hamilton Health Sciences is able to offer an academic environment where patients benefit from some of the most innovative treatments and are cared for by some of the most talented medical professionals in the country. With a staff of more than 10,000, the hospital is the largest employer in Hamilton.