Re: Scenario
At the risk of sounding like Mr Grumpy, a boundary pair of firewalls isn't going to do much to control this type of outbreak. You are talking the talk of an awful long time ago. Network security has moved on and you would need to consider endpoint protection as well as firewalls and having your IPS somewhere other than (just) the boundary.
Firewalls are not where you do sandboxing.
The argument about a Firewall costing as much as a round of chemotherapy is a busted flush. It's as sensible as arguing that the PC on the hospital administrator's desk cost as much as a year's insulin for a diabetic or that an Ambulance costs as much as a round of chemotherapy. Is that a valid argument for not having either?
Network security appliances enable the hospital to continue to treat patients. They protect against key systems required to deliver patient care being compromised. They also help with data loss prevention and the consequential fines that would hurt the ability of the hospital to deliver care. Given the weak security profile of embedded systems that are used to monitor patients, provide clinical chemistry (etc) adequate protection of the network is essential not optional.
Finally if you're getting charged £3000/day for a callout then the Trust is being ripped off, or some administrator is getting a massive backhander. That is so far above the industry average that I smell not just a rat but a rat king.
BTW, I used to work for the NHS, consider I've paid my dues and these days I work as a Security Architect.
Biting the hand that feeds IT
