Technology Blog

When policy fails it even inadvertently hurts a hospital

on 02-23-2016 06:00 AM

Ransomware is alive and well in the enterprise space! Recent events in the medical community show the new face of the cyber security threat posed by today’s opportunistic digital criminals. Given the way that hospital employees were locked out of internal systems such as email, it's clear this attack started from inside the network, most likely through malware.

Until now, most ransomware demands were linked to DDoS attacks, but this marks a turning point, with the use of a nearly untraceable currency for payment, Bitcoin, being the novel twist. On the eve of the RSA Conference, much speculation will ensue, but I am willing to bet that this was an event that may have been prevented using NAC and an adaptive exchange with internal security solutions, like firewalls and SIEM solutions.

At some point, a device did something that its user should not have had access to. When we limit role-based access control to people and not devices, we leave ourselves open to this exact type of attack. The failure to make device context part of an access control policy is the number one reason that our employees can hurt us, albeit unknowingly.

More details will surely follow, but sadly, risk posture is based on what the situation is, not what we think the situation is.

While Network Access Control may not help in all scenarios, Aruba’s ClearPass and ClearPass Exchange integrate with your existing infrastructure to define and control what enterprise data can be accessed, by whom and by which devices. When they work together with other security components, you establish a holistic approach to end-to-end security: devices, your access layer, traffic inspection and enforcement.

In this modern world, it’s imperative that your infrastructure elements work with and communicate effectively with one another. It’s not exciting, it’s not sexy, but it is essential. IT security remains one of the few professions where a quiet day is a good day.

Your thoughts are welcomed.

Comments

The writer is aware he is spelling at a 3rd grade level in the last paragraph. He will re-edit asap
