University Hospitals Birmingham adopt Microsoft Azure

Sector: Charity

University Hospitals Birmingham work across all sites to support patients, families and staff at their hospitals, with their fantastic team of staff providing ‘added extras’ that are over and above that which is provided by the NHS.

The background

University Hospitals Birmingham needed a specialist Microsoft certified partner to design a cloud-hosted system for a critical line of business application, that could be easily accessed by the charity staff and seamlessly integrate into the existing IT function.

Hospitals are encouraged to utilise Microsoft Azure to get the most out of its robust cloud infrastructure, which enhances patient care and operational efficiency. Azure provides secure, scalable solutions that enable hospitals to manage vast amounts of data, ensuring that patient information is accessible and protected.

Hospitals need to review their IT strategy and security posture to ensure they can effectively protect sensitive patient data, comply with evolving healthcare regulations and stay resilient against emerging cyber threats.

With advanced analytics and AI capabilities, Azure helps healthcare providers gain valuable insights, improve diagnostics, and personalise treatment plans. Additionally, Azure’s compliance with healthcare regulations ensures that hospitals meet stringent data privacy and security standards, ultimately fostering a more reliable and innovative healthcare environment.

The service

CSG worked with key stakeholders to identify the requirements, key drivers and proposed recommendations for a solution based around MS Azure and Azure Virtual desktop (AVD).  

The core service is built with Azure compute virtual machines to operate SQL backend databases and  Azure Active Directory Domain Services for important managed domain services. 

For end-user compute and delivery, CSG designed a custom build of Azure Virtual Desktop, where the UBH staff would access their line of business application via a cloud-hosted windows 10 multi-session look and feel desktop. The AVD service is provided on a per-user basis and important network shares, applications, MS 365 services and data are contained within a secure and controlled desktop experience. This service is available to UHB staff via the internet and accessible via any device, any location. 

From a security perspective, CSG configured the Azure VPN service for network security,  authentication requirements and completed further advanced security hardening of the MS Azure tenant for identity-based security. Sophos Intercept X provided Virtual Machine and Desktop local security, protecting the services against next-generation security threats, such as ransomware,  malware, and anti-exploit kits.  

The environment is protected and backed according to client requirements, with a daily, weekly, and monthly snapshot.

Identity and access management

• Multifactor authentication (MFA): Azure Virtual Desktop (AVD) integrates with Microsoft Entra (formerly Azure Active Directory) to enforce MFA, ensuring that only authorized personnel can access sensitive patient data.
• Conditional access policies: UHB charity can now implement conditional access policies to control access based on user location, device compliance, and risk levels.

Network security

• Virtual network integration: UHB charity deploy AVD within their private virtual network (VNet), isolating hospital data and applications from public internet access.
• Network security groups (NSGs): CSG have supported UHB charity in using NSGs to restrict and monitor network traffic, allowing only necessary communication between virtual machines and other resources.

Data protection

• Encryption: ensure that all data at rest and in transit is encrypted using Azure’s built-in encryption capabilities.
• Backup and recovery: regularly back up virtual machines and data to Azure Backup, ensuring quick recovery in case of data loss or corruption.

Endpoint security

• Secure user devices: this support has allowed UHB charity to implement policies to ensure that all devices accessing AVD are compliant with hospital security standards, including antivirus software and regular updates.
• Reverse connect: CSG have allowed UHB charity to utilise AVD’s Reverse Connect feature, which eliminates the need for open inbound ports, reducing the risk of unauthorized access.

Monitoring and compliance

• Security information and event management (SIEM): the integration of AVD with Azure Sentinel and other SIEM solutions has allowed the charity to monitor and analyse security events in real-time.
• Compliance audits: CSG support the hospital charity in regularly conducting compliance audits to ensure that AVD deployments meet healthcare regulations and standards, such as HIPAA.

The result

University Hospitals Birmingham now has an optimised and secure environment for sharing its line of business applications between staff. The environment operates on Microsoft Azure and uses best in class compute, storage, network, and security technologies.  

Microsoft Azure Virtual Desktop (AVD) has provided University Hospitals Birmingham with a secure and scalable solution for managing their IT infrastructure and improving operational efficiency. AVD also allows healthcare providers to access patient records and clinical applications from any device, ensuring seamless workflows and reducing the time spent on administrative tasks.

This not only improves the quality of care but also enhances data security and compliance with healthcare regulations. For charity organisations, adopting Azure Virtual Desktop can significantly reduce IT costs and streamline operations. With AVD, charities can provide their staff and volunteers with secure access to necessary applications and data from anywhere, fostering collaboration and productivity while maintaining a high level of data protection. This flexibility and cost-effectiveness make AVD an ideal solution for organisations looking to maximize their impact with limited resources.

The day-to-day interaction with the service is monitored and supported by CSG’s ServiceDesk, ensuring uptime and availability for the organisation. Any end-user support related incidents are catered for with an all-inclusive telephone and remote support service.

Microsoft Azure Virtual Desktop (AVD) has allowed the healthcare providers to access patient records and clinical applications from any device, ensuring seamless workflows and reducing the time spent on administrative tasks. This not only improves the quality of care but also enhances data security and compliance with healthcare regulations.

For charity organisations, adopting Azure Virtual Desktop can significantly reduce IT costs and streamline operations. With AVD, charities can provide their staff and volunteers with secure access to necessary applications and data from anywhere, fostering collaboration and productivity while maintaining a high level of data protection. This flexibility and cost-effectiveness make AVD an ideal solution for organisations looking to maximize their impact with limited resources.

What the University Hospitals Birmingham said…

“It was very easy to work with CSG, who understood our requirement for the cloud hosting service and the entire cycle was handled very professionally from the very first phone calls through to the delivery of the service. We were happy with the overall service and would recommend CSG to any organisation considering Microsoft Azure Services.” Mike Hammond, Chief Executive.