138 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
5.1 Company overview
The cardio healthcare company is a healthcare provider that focuses on
providing specialized cardiovascular-related healthcare services in the US. The
company was founded in California and then expanded across the country. It
operates stand-alone clinics in several states, where each clinic occupies its own
building and provides preventive care and outpatient services. For surgery and
other inpatient services, the cardio healthcare company uses operating
environments in partner hospitals. The cardio healthcare company also
participates in research programs.
The cardio healthcare company maintains financial and confidential health
information about its customers (patients, research partners, and affiliated
hospitals). All records are kept in electronic form. One of the key applications is
the Patient Web Portal, where, by using a personal portal page, patients can
access their personal health records, payment information, and so on. In
addition, email communication is available between patients and service
Because the cardio healthcare company works closely with a few pharmaceutical
companies on the latest drugs for heart disease, the exchange of confidential
research-related information is extensive. Research information is also kept in an
electronic form and shared over the network.
The cardio healthcare company has built a strong and long-term reputation and
financial stability over the past 15 years in the US. The company’s plan is to
expand its operations within the US and to open healthcare centers in
The following section provides an overview of the information technology (IT)
infrastructure that supports this business.
5.1.1 Current IT infrastructure
The cardio healthcare company relies on two data centers: a primary site (in
Phoenix, AZ) and a backup site (in Raleigh, NC). All production-related
operations are performed in the primary data center. In terms of production, the
backup data center is used for disaster recovery only.
Staying focused: The following sections describe company information that
is relevant to the security solutions of the Network, Server, and Endpoint
domain. They do not provide a complete description of the company, nor do they
address all the necessary activities related to information security.