Download Beth Israel Deaconess Medical Center Case Study

Strengthening Data Security and Creating More
Time for Patient Care
Customer: Beth Israel Deaconess
Medical Center
Website: www.bidmc.org
Customer Size: 8,000 employees
Country or Region: United States
Industry: Healthcare
Customer Profile
Beth Israel Deaconess Medical Center
(BIDMC), based in Boston, is a teaching
hospital for Harvard Medical School.
Regularly cited as a “best hospital” in
multiple specialties by U.S. News & World
Report, BIDMC is also known for its
innovative use of IT in healthcare.
Software and Services
 Microsoft Server Product Portfolio
− Microsoft SQL Server 2014
Enterprise
 Microsoft Azure Platform
− Microsoft Azure HDInsight
 Services
− Microsoft Power BI for Office 365
 Technologies
− Active Directory Domain Services
For more information about other
Microsoft customer successes, please visit:
www.microsoft.com/casestudies
“This solution speeds up the process of monitoring
security events in near-real time and allows us to
detect any suspicious activities quickly.”
Ayad Shammout, Director of Data Platform & Business Intelligence,
Beth Israel Deaconess Medical Center
IT administrators at Beth Israel Deaconess Medical Center are
using new database technology to stop data breaches in
seconds—and help physicians focus even more on patients.
Business Needs
Like most doctors today, physicians at
Boston’s Beth Israel Deaconess Medical
Center (BIDMC) don’t have a lot of time on
their hands. Their days are packed full of
checkups and surgeries for the thousands
of patients that come through the
hospital’s doors every year.
So when they have trouble logging on to
one of the hospital’s clinical information
applications, that’s a problem. If the
system isn’t letting them in, time that
could be spent counseling patients or
accessing critical medical information is
lost.
A Frustrating Wait for IT
As part of the hospital’s commitment to
data security, the IT team uses a security
event monitoring system to track every
network logon attempt. But if physicians
called to report logon trouble, the IT team
would often have to wait more than one
hour for the monitoring system to run a
report based on data from a Microsoft SQL
Server database. The database collects
data from all security events, such as failed
logons. “We ran that report every hour, so
if somebody called the help desk to say
their account was locked and they didn’t
know why, we resolved the issue for them
quickly, but our investigation to find the
root cause of the problem could take up to
an hour,” says Ayad Shammout, Director of
Data Platform & Business Intelligence at
BIDMC.
That wait time was frustrating for IT, which
needs to be able to quickly identify why a
logon attempt failed. Was it simply a
forgotten password? Or something worse,
such as a cyberattack that might
compromise the account—and possibly
personal patient information?
In an era when data breaches happen with
alarming regularity, even in hospitals,
BIDMC needs to ensure it’s on top of the
situation. “We have to quickly investigate
every system login problem to find out if
there’s any suspicious behavior,” Shammout
says. “We had to have a faster way of
getting this information. If there’s a data
breach, and I’m under pressure to run some
queries to find out what’s going on, I don’t
have minutes to wait to run that query.”
The Need for Speed
Part of the reason the BIDMC security event
monitoring system took so long was that
the process for collecting event data was
slow. In that process, six domain controllers
fed event data to a central table in SQL
Server. But the job that reads the data and
updates the table, conducted at the top of
every hour, took up to three minutes..
The process was further delayed because
the hospital’s numerous data warehouses
included multiple data sources and
hundreds of millions of table rows of data.
In fact, the BIDMC IT team relies on
Microsoft technology for approximately 200
application databases, including missioncritical clinical software and a security
system. As a result, it could take up to 45
seconds to run a query. “If we face an
immediate threat, and it takes the better
part of a minute for security staff to run a
query, that’s not acceptable,” says Don
Wood, Manager of Database Administration
at BIDMC. “And by the time they get results
back, the data might no longer be relevant,
so they could have to run the query over
and over again.”
Additionally, the hospital kept only 30 days
of data as part of its service level
agreements for the security monitoring
system. Although this kept performance
from slowing down even more, it also made
it difficult for administrators to look for
recurrent patterns over longer periods of
time, such as a history of failed logon
attempts from specific users or IP addresses.
“So we needed faster query performance
but also more insight into security events,”
says Shammout.
Optimizing Memory with a New
Database Solution
BIDMC started down the road to improved
performance by implementing Microsoft
SQL Server 2014 Enterprise software.
Specifically, the hospital wanted to take
advantage of the in-memory columnstore
feature in SQL Server 2014, which
improves transactional performance and
data compression.
As a way to gain more insight into
historical security event data, the hospital
is also experimenting with the use of
cloud-based offerings such as Microsoft
Azure HDInsight and Microsoft Power BI
for Office 365. HDInsight is an Apache
Hadoop implementation that runs in the
cloud, and Power BI provides a set of
online analytics and reporting tools.
The hospital’s IT team created a data
warehouse based on SQL Server 2014 for
the security event monitoring system. The
new solution works with Active Directory
Domain Services to collect all security
event data throughout the hospital
network. Security and help-desk staff use
the system every day to look for
unsuccessful logons, suspicious activities,
or patterns that might indicate a
cyberattack. These staff members are also
able to work directly with the large data
sets by using Microsoft Power Query for
Excel, instead of relying on the BIDMC IT
team to aggregate the information. In
addition, the IT team created an interactive
report with dashboards that returns results
within seconds.
Cutting Query Time by 75 Percent
For the hospital’s IT administrators, the
difference in system performance before
and after SQL Server 2014 was dramatic.
For example, query execution times have
dropped by 75 percent in some cases.
“Some of our queries have a 45-second
execution time,” notes Wood. “With SQL
Server 2014, that dropped to 10 seconds.
That’s a huge improvement.”
The organization is also using the new
solution’s built-in data compression
capabilities to increase the data retention
period from 30 to 90 days before archiving
the information. “We can keep 90 days of
data with no impact on performance,”
Shammout says.
Several months after the initial
deployment, Beth Israel implemented the
in-memory online transaction processing
(OLTP) solution in SQL Server 2014. InMemory OLTP is a memory-optimized
database engine integrated into the SQL
Server engine and designed to improve
transactional performance and data
compression. It uses main memory
optimization and no-locking/no-latching
concurrency control mechanisms to
remove bottlenecks caused by scaling up.
This case study is for informational purposes only.
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published November 2014
Benefits
In addition, the event data update process,
which used to run once an hour, can now
be run every five minutes because of
performance improvements achieved
through In-Memory OLTP. And the job
itself, which used to take up to five
minutes to run, now takes only seconds.
“When we first started running these jobs
after deploying SQL Server In-Memory
OLTP, we thought the domain controllers
had stopped sending data because we saw
no delays at all,” says Shammout. “The
data was being inserted into the table
immediately.”
Data Breach Discovery in Seconds
The result of this vast improvement in
system speed is that BIDMC can now get
to the root cause of failed logons in mere
seconds. “From an IT perspective, we can
find out what’s going on immediately
when there’s a logon issue or unusual
activities,” Shammout says. “And our
security and help-desk staff not only can
get answers faster but also can look at the
event by IP address, user name, or specific
time. They have more information at their
fingertips now, so we have a better and
faster ability to stop a potential data breach
at the hospital.”
to-end solution with the built-in BI stack in
SQL Server 2014.”
BIDMC is also able to analyze more data
than before. “We can insert 5 million
records a day into the security event
monitoring system now,” says Shammout.
And the hospital anticipates that it can
maintain high levels of performance even
when it triples the volume of historical data
in its warehouse. As a result, it can gain
better insight faster to help meet its service
level agreements and keep the hospital
running smoothly and securely. “The
volume of data always keeps growing,” says
Wood. “With SQL Server 2014, we can
improve our availability and performance—
and ultimately provide better data service
for patient care.”
The hospital has already conducted a
proof of concept in which it stores large
amounts of unstructured log data in
HDInsight Blob Storage, processes it with
HDInsight, and then uses on-premises BI
tools to analyze the information. In a
separate project, BIDMC business users
have tried out Power BI tools such as
Power Q&A, a natural-language query
feature that automatically generates
reports based on questions asked. “We’d
really like to move forward with
HDInsight,” says Shammout. “Already,
different clinical departments in the
hospital have implemented cloud
solutions, so they’re becoming much more
open to the cloud as an idea, and they’re
more confident in the security of cloudbased applications.”
Helping IT Staff Focus on Security and
Physicians Focus on Their Patients
Because they can more quickly identify
whether or not they’re dealing with a
security breach, BIDMC administrators can
be more proactive about security. “This
solution speeds up the process of
monitoring security events in near-real time
and helps us detect any suspicious activities
quickly,” says Shammout.
Physicians, meanwhile, can focus even more
on healthcare because IT has more time to
help physicians who are struggling to start
critical healthcare applications. “From a user
perspective, our physicians obviously need
to access clinical applications quickly,” says
Shammout.
Better Access to Big Data
Looking further ahead, BIDMC hopes to use
HDInsight and Power BI to gain better
access to big data within the hospital by
extending its on-premises infrastructure
with cloud services. “What I’ve found with
HDInsight is that it removes a lot of
administrative headaches,” says Wood. “It’s
a straightforward and easy process to scale
out and add new resources. HDInsight can
be used for storage and provides an end-
A Role Model for Data Security
As it continues to expand its use of
innovative technologies, BIDMC expects to
be seen as a role model by other regional
hospitals that are considering their own
data security solutions. “We are part of the
larger Harvard network, and many of the
other hospitals in that network look to us
to see what technologies we’re
implementing,” says Shammout. “Solutions
like this one put us ahead of the game. At
an IT level, these other hospitals can learn
from us once we go live, and I don’t doubt
that they’ll follow suit with their own
solutions once they see what we’re doing
here to better monitor and secure our
data.”
This case study is for informational purposes only.
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published November 2014