BACKGROUND ALYN Hospital is one of the world’s leading facilities for active and intensive rehabilitation of children with physical, respiratory and developmental disabilities. The hospital provides inpatient and outpatient rehabilitation services through a wide range of multidisciplinary clinics and support programs. As a highly specialized tertiary care center, ALYN treats children from a wide geographic area.

TECHNOLOGY IN THE SERVICE OF REHABILITATION
ALYN’s medical teams and therapists are experts at leveraging technology to maximize patients’ capabilities, social integration and overall well-being. In keeping with this collaborative, technology-forward approach, all medical records are digital; medical staff and therapists use web-based resources extensively; patient teams collaborate with primary medical teams, families and teachers in remote locations via web technologies; and centralized systems enable staff to access patient data from any device or location.
“ALYN professionals closely coordinate at every step with patients’ primary physicians and therapists, so sharing patient data with third parties is essential,” explained Dr. Maurit Beeri, Director General of ALYN. “Our physiotherapists, occupational therapists, speech therapists, psychologists, social workers, nurses and doctors use the Web constantly, for research, to access resources for patients, and to update patients’ families, teachers and local medical teams.”
ALYN’s small, but highly skilled and dedicated IT team is completing deployment of an entirely new hospital system that integrates highly advanced web infrastructure – cluster and data duplication, disaster recovery, application firewalls, NAC protection, endpoint protection and malware detection, WAF, and email traffic protection and sanitization.

SECURITY FIRST
Technology contributes immeasurably to patient care, but also places ALYN at risk of cyberattacks – risk that Uri Inbar, Director of IT, is adamant to guard against: “ALYN Hospital has zero tolerance for malicious attacks that can cripple hospital systems, threaten patient wellbeing, and expose private information. It’s crucial for us to have all relevant protective layers against cyberattacks and other disasters, well beyond those required for our ISO certification.”
Wary of the unending cat-and-mouse games between hackers and “patchers,” which too often allow room for zero-day threats and malware to sneak in under the radar, ALYN’s IT department initially blacklisted large swathes of the Web, and set up isolated workstations which could be used to access Web-based content received from remote colleagues.

THE CONVENIENCE CONUNDRUM
ALYN doctors, nurses and therapists literally wear running shoes to get through their days. With a patient population of children who are seriously ill or disabled, caregivers have no time – and less patience -- to struggle with inconvenient security barriers.
“We need a solution that works seamlessly for every member of our staff, on every device and every operating system they might use, from wherever they are, with absolutely no hassle,” explained Inbar.
ALYN needed a secure browsing solution that would protect against browser-borne threats, while providing a completely natural, high quality Internet browsing experience.

THE SOLUTION
“Web isolation and file sanitization were the final missing pieces of our defense-in-depth puzzle,” stated Inbar. “We were searching for a solution that would integrate smoothly and seamlessly with existing ALYN security solutions, support group-based policy definition for users and domains, and be centrally managed.
Ericom Shield ticked all those boxes, and is preintegrated with Votiro file sanitization.”
Based on a detectionless, patch-free approach to secure browsing, Ericom Shield brings a powerful layer of protection to ALYN’s existing cybersecurity portfolio. It dramatically reduces the risk of malware infiltrating ALYN endpoints and network via browser-executable code that can slip past defensive cybersecurity solutions.
The solution is transparent to ALYN users, who use the Internet as usual, on any device and browser they choose, in every treatment room, with almost no degradation in performance.
While users experience websites naturally, on their device browsers, each browsing sessions is actually executed on a remote virtual browser that is isolated in a disposable container, located in a remote “safe zone” of the ALYN network DMZ. Far from the endpoint device, the session is rendered in real time and streamed to the user’s local browser. A new container is allocated for every remote browsing session and tab, and discarded once that session or tab is closed to prevent accidental leakage.
Browser-executable code, including malware, never reaches the endpoint, yet the user browsing experience is completely secure and totally seamless. In addition, ALYN’s IT staff have consistent, centrally managed control over file download and upload permissions based on Active Directory users and groups, while ensuring that downloaded files are automatically cleansed before use.
Ease of use is important not only for the medical staff: With over 200 fixed stations and 50 mobile devices – many of which reside in the 380 users’ pockets -- IT administrators needed a centrally managed solution that would be quick to set up and easy to manage. Ericom Shield requires no endpoint installation and is compatible with all devices and operating systems.
Within less than two hours, Ericom Shield was fully integrated with ALYN’s existing security frameworks, including anti-virus solution, endpoint security, firewall, URL filtering and file sanitization solutions. As a centrally managed, client-based solution, Ericom Shield inherited existing ALYN organizational policies and Active Directory settings, and no installation was needed on user devices, enabling full testing and roll-out to be completed in weeks.

THE IMPACT
“Ericom Shield is crucial for our work at ALYN,” said Dr. Maurit Beeri, Director General of ALYN. “The ability to access any site from any computer or tablet, and download any file without putting our network at risk, increases staff productivity and allows us to provide the best care for our patients.”
“With Ericom Shield, we feel much more confident with users accessing the black pit that the web is today, since we know that every bit of code is executed only remote from our endpoint is executed only remote from our endpoint and networks, and cleared even from there within minutes,” said Uri Inbar.

CONCLUSION
As a premier rehabilitation hospital for children, ALYN depends on the most advanced technology to maximize the potential and well-being of the kids in their care. Ericom is proud to provide equally cutting-edge technology to enable the professionals who do this outstanding work to securely and easily leverage the digital resources they need to get the job done.

The healthcare industry has fast become a soft target for cyber-attacks and with good reason. Hospitals host both financial and protected health information, while offering a number of easy access point for ransomware attacks and insider threats.

Company background ALYN Woldenberg Family Hospital is Israel’s only pediatric rehabilitation facility, founded by Dr. Henry Keller back in 1932. The hospital has a customer database of more than 70,000 patients and hosts its main website in four languages and across three different domains. In addition, they have a special projects website in both Hebrew and English, which is used for resource development and to coordinate special events. It’s where people can sign up to participate in events, but it also accepts donations. The hospital IT team is worried that the events site could be a possible weak point, allowing hackers easier access to their systems, and the main reason they went searching for a good WAF provider.

The Challenge Five years ago, the IT team noticed an increase in cybercrime, especially in the healthcare industry. While the hospital had never experienced an attack, the security of their content management system (CMS) became a key concern. The team didn’t feel their cybersecurity vendor was updating the security on their CMS as often as they should, leaving them vulnerable and leading the team to go looking for a new vendor. Patient privacy and regulatory compliance are key concerns for ALYN Hospital and were mitigating factors in determining which cybersecurity suite to go for. This, paired with a best cost-benefit ratio and the constraints of a small IT team meant they had to find a managed system that was easy to integrate and required minimal upkeep. Initially checking out on-premise WAF systems, the team kept coming up against the cost of securing their sites and; because of strict government regulations, they were initially hesitant to move to a cloud-based system. Ultimately, however, they decided that the Incapsula cloud-based WAF was just the thing.

The Solution “We looked at community reviews and talked with colleagues at other hospitals and got the impression that Incapsula is one of the best in terms of cost-benefit ratio, which is important to us, in addition to robustness, ease-of-use, and integration, which was very smooth. It all proved to be correct, for which I am very glad,” said Uri Inbar, Director of IT for ALYN Hospital. Integration took less than a day and ALYN Hospital still manages its servers in-house, with a staff member who is now dedicated to security. Incapsula has been low maintenance from the start, so, while customer support was with them every step of the way at the beginning; they haven’t needed any for the last few years because the system has been running smoothly on its own. “It gives us peace of mind to know that someone has dedicated themselves to the subject and keeps us updated. It’s one less worry to take care of.”

Benefits Increased visibility for monitoring security threats: The Incapsula dashboard is easy to use and provides information that helps ALYN Hospital keep its systems secure. And for their special projects, they can even see which countries are generating the most traffic. 24/7 DDoS mitigation: ALYN Hospital uses Incapsula’s DDoS protection, which significantly improves security and reduces down time by fending off attacks. Good cost-benefit ratio:
One of the most important aspects of any new security system for ALYN, the costs were reasonable, especially given the security benefits they received from the Incapsula system. Faster content delivery:
While no formal studies were done, the IT staff has heard from some users that their CDN is delivering content faster than before. Just one more benefit of using Incapsula.