Cloud companies brought together by DMZ in a box
Melbourne health IT companies PicSafe Medi and Corazon Systems have signed a partnership to promote each other's businesses and to further encourage the general and specialist practice communities to consider moving to the cloud.
PicSafe Medi markets a mobile medical imaging system that allows users to securely take and store medical images, while Corazon Systems is a managed services IT company that specialises in helping medical practices to become paperless.
Both companies use iWebGate, an innovative security product that offers a network demilitarised zone (DMZ) as a service to small and medium-sized enterprises, or effectively a “DMZ in a box”.
Both companies believe that iWebgate offers an answer to medical practices that would like to take advantage of the flexibility and lower cost of cloud services but that are still hesitant to take the leap away from locally installed software.
Corazon System's founder Sid Verma said that while there was still a lot of reluctance in the medical sector to use cloud services, he believes the cloud is often more secure than having a server on the premises.
“The janitor who comes in to clean at night can't turn off the cloud by accidentally knocking it over,” he said.
Mr Verma has been involved in the IT industry for almost 20 years, but became interested in providing managed services to medical specialists in particular when his wife, an endocrinologist, went into private practice.
“She wanted to run her practice as efficiently as possible, saying she wanted the practice to work on autopilot,” Mr Verma said.
As Mr Verma set about developing a paperless practice for her, he said then discovered that there were very few IT companies that simplified the “IT conversation” with the doctor and made an effort to understand how they would like to run their practice.
“Each medical practice is a micro-business in terms of their size but they are a medium-sized business in terms of their software requirements, their security requirements and their back-up,” he said.
“IT companies that service medium-sized businesses don't want to talk to these medical practices because they are too small, while IT companies for micro-businesses can't provide all of the services for lack of expertise.”
It was while he was searching out all of the different solutions that a medical practice needs that he decided to use iWebGate as the main security solution. The Australian company, formerly based in Perth but now headquartered in the US, won the Global Security Challenge in 2010 and is the first international company accepted into the Northrop Grumman Cync cybersecurity program.
Mr Verma said iWebGate works as a “virtual receptionist” through a cloud-based ghost network. In the physical world, organisations hire a receptionist to be the first point of call for when a visitor enters the building.
That receptionist is an intermediary between the visitor and the person being visited, and first checks that the visitor is expected before allowing them in.
iWebGate in effect set ups a virtual reception area between a medical practice and public networks such as the internet.
While a firewall acts as a barrier, medical practices will need to open holes in that firewall by opening ports to receive emails, access the internet, send files by FTP or terminal services to access the server from another location.
“So suddenly your firewall has got four holes in it and it's not a firewall anymore,” Mr Verma said. “Then the 15-year-old kid living in the Ukraine will set up hacking software and start scanning for these open ports.
“The way traditional firewalls are designed, if I get a request on the remote desktop port to access my server, the firewall doesn’t ask the question 'who are you or who are you trying to contact?' It just connects you directly to your server.”
So if a hacker knew that your remote desktop port was open, he will try to connect to that port and will be presented with the log-in screen of your server. Using the username “administrator” and trying a few passwords, he will have complete access to your server and your practice.”
“To prevent that, you set up a DMZ, or the virtual reception that stops and verifies all traffic before letting anyone through.”
iWebGate has taken a similar idea but instead of building a hugely expensive DMZ, has devised a cloud-based ghost network that in effect establishes a DMZ for small businesses at small business prices.
“In our case, all our clients or practices are protected by this enhanced level of security.” Mr Verma said. “The beauty is in the simplicity of the solution. The DMZ hides your practice from the hackers but still allows you to seamlessly connect, email or browse the internet. Without changing the way you log in, it wraps your practice in a security blanket – no matter where you log in from.”
PicSafe Medi uses iWebGate as its security system to protect sensitive medical images and patient data in the cloud, he said. “What they have is a cloud-hosted secure network for sending images. Anyone who has a PicSafe account and who sends images, is first being secured by iWebGate and then it will go through to PicSafe after that.”
Corazon Systems and PicSafe Medi have signed a heads of agreement to promote each other's services. "The fact that both our organisations utilise the iWebGate security and service the same customer base makes us a perfect fit," Mr Verma said. "The PicSafe Medi solution is a natural extension of our solution."
Corazon Systems has now started offering medical transcription services to its clients. It allows off-site transcribers to access a medical specialist's network securely so no audio files need to be emailed or uploaded to another server.
“Normally you would send a file to a transcription service, but we have a way that you upload the files to your own server and it never leaves the premises,” Mr Verma said. “The transcriber is given access into your server securely so they do the transcription, and is directly downloaded into your clinical software.”
Mr Verma is also talking to a large cardiology practice in Melbourne to help it find suitable DICOM viewer software that can be accessed remotely. “What we'll get is an automated, fully backed-up secure way of accessing the cardiology practice remotely,” he said.
PicSafe Medi meanwhile has begun a trial of its system at a major hospital in Victoria.
Posted in Australian eHealth