VLANs for Medical Devices

We are currently working with a very large Oklahoma customer to create VLANs for all the medical devices on their multi-city medical network. In the past all their medical devices, including imaging equipment and PACS, were on the same state-wide network as their end users, accounting, patient records, etc. While the entire network was firewalled from the public Internet, they were having trouble securing their medical devices from hackers and viruses if their main state-wide network was compromised. This meant one virus accidentally downloaded from a site could quickly spread across their entire enterprise. In addition, a disgruntled employee could potentially wreak havoc on their network and modalities.

While the segmentation project was started in June 2011 to be completed by December 31, 2011, it had been slow going because of the size and complexity of their network. Their staff was also very busy with other projects so things were just not moving fast enough to meet the upcoming deadline.

We were hired in October to help with the project. Right now we are taking existing documentation and creating local VLANs at each facility. We are setting up IP subnets on each of the VLANs and working with their network operations center to set up site-wide routing tables. Once this is done we will start creating access lists at each switch to control what devices can traverse the switch and onto the subnets.

In addition, we are updating their documentation for this large-scale network. In the past their documentation was haphazard at best, so we are pulling various documents together into one location, creating detailed Visio network diagrams at each location, and creating spreadsheets showing their detailed VLAN and subnet configuration for each switch. This is a several-month project and has already been extended well into 2012 because they like the work we are doing for them. The big upcoming challenge we face is the coordination with various modality vendors to move each of their devices to these new network addresses. We must coordinate with vendors such as GE, Siemens, Carestream, Hologic, Toshiba, Omnicell, and others to get hundreds of modalities moved onto the new networking scheme.

This should keep us busy for a while!
