Data security lessons from the U.S. Department of Health

By Gigamon

How the department built a new tool to scan its networks.

In April of 2019, security breaches at U.S. healthcare companies affected the data of almost 700,00 people. As a result, cybersecurity has become a top priority for healthcare systems in the U.S. and around the world.

For the U.S. Department of Health and Human Services (HHS), the loss of healthcare-related or sensitive information could be devastating. The U.S. Department of Health also realised that conventional security tactics were simply not enough anymore, so they decided to take a whole new approach whereby they could see everything on their network.


To do that, they turned to Gigamon, the leading network visibility and analytics solution. With Gigamon, the Department gained pervasive network visibility across their geographically-dispersed agencies.

Wanted: A Secure, Scalable Solution


First let’s set the scene. The Health Department needed a standardised cybersecurity framework for its divisions. But the objective was demanding: “We had very specific requirements,” remarked Steve Swansbrough, Security Hardware and Software Team Lead at the department’s Computer Security Incident Response Center (CSIRC).

The department wanted a solution that could connect multiple tools for monitoring and security, he said. They had tools to analyse malware, detect intrusions and monitor application performance. The solution also needed to handle the traffic of their multiple 10Gb networks.

So, the right solution had to be scalable as well. Some of the divisions within the HHS include the Centers for Disease and Control; Federal Drug Administration; the National Institute of Health; and Centers for Medicare and Medicaid. Each division’s networks needed to be centrally monitored by the Department’s response centre.

A factor adding further complexity was the Department of Homeland Security’s ‘Trusted Internet Connections Initiative’ — a policy that set cybersecurity monitoring standards across federal agencies. It standardised security measures for all external network connections currently in use by federal agencies. That meant an extra layer of regulations that all security solutions needed to adhere to.

The department decided on a combination of talented internal cybersecurity experts and a rapid response system that could monitor and respond to cyber threats quickly. The latter is where Gigamon comes in.

Watching the Watchers


Gigamon helped to introduce centralised management and cost savings into the Health Department’s security operations.

How does it work in practice? Gigamon’s network visibility and analytics solution works with existing security, monitoring and management tools. It aggregates, decrypts, filters and delivers the appropriate network data to these tools. As a result, the response centre gets pervasive visibility into its networks without affecting performance or stability.

The first perk is that, despite the dispersed locations of government offices, the folks at CSIRC could “sit outside of each division and monitor from here”, according to Swansbrough. “The divisions each have their own security tools attached to their Gigamon solution, and they monitor their own networks,” he said. “We are a layer above, so you could say we’re watching the watchers.”

What’s more, every bit of data that flows through each division or office’s networks is easily scrutinised and available to security teams to view.

The second perk is that Gigamon can extend the life of expensive monitoring and security tools. CSIRC had 1GB analysis and monitoring tools operating on a much faster 10GB network. Gigamon helped to ‘load balance’ the tools or bypass non-functioning tools so they were not overwhelmed. This meant that the response centre could extend their use of these tools, Swansbrough noted. “That kind of modularity is a huge benefit.”

And as federal agencies begin their transition to the cloud, Gigamon helps smooth out wrinkles along the way. Migrating workloads to the cloud often leads to surprises from unanticipated network and application usage, but with Gigamon, “we’re able to keep historical data and track trends, such as network areas and times of the year where certain things happen so we’re able to plan for the future,” added Swansbrough.

Robust cybersecurity is a must for any healthcare provider, company, or government agency, with so much sensitive personal health data at stake. What is clear is that network visibility can complement existing threat monitoring tools, eliminating blind spots and giving greater peace of mind to security teams.