January 2022 Newsletter

Network Upgrade Kickoff

For the last year, CUIMC IT has been advocating for the organizational funding to support a major network upgrade. We recognize the need to not only replace our aging infrastructure but also architect and implement a new network specifically designed to meet the needs of our clinical, research and academic missions.  We have labeled this effort the “Medical Grade Network” (MGN) project. It entails a three-year effort that will replace 90% of the existing network equipment at the medical center. Although challenges from COVID and competing priorities have made securing funding a challenge, the Dean’s office has recently committed to making this effort a priority. This is an exciting development as it will increase access to Wi-Fi, speed up campus internet access, and help thwart ever-increasing external threats. Changes brought about by this upgrade will assist our Infrastructure Services Team in their mission to provide an easily accessible, high-performing, and secure network infrastructure in support and facilitation of research, patient care, and classroom instruction at the medical center. 

A global supply shortage is currently delaying orders for equipment; however, we anticipate delivery within the next three to six months for the first large order that was placed earlier this year. Space needs assessments are currently being conducted in student housing, classroom, and high-density floors. The project will include all areas of campus so surveys of other areas to determine priority are also underway. A webpage is being constructed that will provide an overview of the project, the upgrade schedule, and other important updates. Please submit questions or concerns regarding this upgrade to MGN@cumc.columbia.edu.

Business Continuity Planning (BCP)

CUIMC recently partnered with NYP and WCM to conduct a ransomware table-top exercise. The exercise included a large tri-institutional group with broad representation from many operational areas across the organizations. A ransomware event was simulated, and the group spent the next 2 hours discussing the impact and how we would respond to these challenges. While beneficial in its own right, it was mutually agreed that we could benefit from additional exercises of this nature and the development of a more formal plan and approach to business continuity that is regularly rehearsed and refined. In the coming months, the tri-institutional team will plan and conduct additional workshops and exercises. At the same time, CUIMC will begin internally developing its BCP team, building on the leadership and best practices already established by the Facilities EMOT team. 

Planning of this magnitude is of major importance, and one doesn’t need to look far on news sites to hear of recent ransomware attacks against healthcare facilities. In October of 2020, the University of Vermont Medical Center suffered a major setback when they were hit with a ransomware attack that caused a shutdown of applications, IT network, and access to Epic. The outage had a catastrophic impact for months, and the hospital was forced to operate without information from these essential systems for weeks. The cost to the healthcare facility was 1.5 million dollars per day, ultimately costing about 64 million dollars. To their credit, they refused to pay the ransom.

In addition to the development of our BCP team and capabilities, IT will also be working on improving the disaster recovery (DR) plans for our application and services portfolio. Implementation of a more comprehensive overall DR plan will enable the IT community to become even more proactive in assuring we can continue to provide mission-critical applications to our business and reduce interruptions to clinical care and business operations caused by network, power, or IT system outages, no matter what their cause. 

CUIMC IT Website Enhancements

Phase two of the CUIMC IT website revamp is underway! This will include the addition of a new analytics section, dedicated IT intranet, and developments in site navigation and usability. Rest assured, we have heard your prior feedback and are doing something about it. Please continue to submit any questions or concerns via cuimcitnewsletter@cumc.columbia.edu.

Do you have an IT special need or request? Please share it with us!

While IT handles hundreds of routine incidents (something is broken) and requests (something is needed) each day, we also receive many non-standard requests. Typically, these requests involve a new software or service that we do not currently offer or a new system that will be needed in the near future. We call these requests “Ideas”. To start the IT review process for your ideas for any tech related projects (pilot, research, consulting services or application integration with Epic, etc.), submit a ServiceNow Idea to the CUIMC IT Project Management Office (PMO). Submission of a ServiceNow Idea kicks off the process to review security, determine if the solution is used elsewhere in the organization or can be expanded to the enterprise, and to address related IT questions. Bringing your ideas to IT early in the process is critical to ensuring that IT can help meet timelines and support these new needs.

Upon submission of the ServiceNow Idea, you will be contacted by a member of the PMO team to schedule a discovery call and route your project through the review process. If you have questions about submitting an Idea, please contact Tina Sarantos ts2808@cumc.columbia.edu. Anyone may make a suggestion or submit an Idea via the form linked here.

Help us protect our PHI and other institutional data!

A risk review is required for any system that stores, transmits, or processes any non-public CUIMC data. Depending on the sensitivity of that data, it might be a short review, a full certification or just a notation that the software is being used. A full review can take several weeks, so it’s in everyone’s best interest to get the review started as early as possible in the procurement process.
 
If you’re engaging a vendor to provide a service, purchasing software to run on a server, purchasing a new modality, or are just brainstorming a new project that involves IT resources, please reach out to our security team at security@cumc.columbia.edu or submit a request via 5Help or the Idea process. They can coordinate with the Information Security Office Risk Team to kick off the review process. The risk review can and should run in parallel with the purchasing process.
 
Columbia considers safeguarding sensitive data highly important, and your cooperation in participating in the risk review process is greatly appreciated. Please feel free to reach out to us via security@cumc.columbia.edu with any questions or concerns. Our goal is to assist you with this process whenever possible.

Standardized IT Recommendations at CUIMC 

The existence of a standardized environment is a hallmark of IT maturity as well as a best practice. While having the flexibility to use the devices and software that we individually or departmentally deem best fits our needs has its appeal, it comes at a great cost to the organization. IT embraces its role to help the medical center use technology to support business processes, and we are best suited to do so in an environment that leverages established standards. Lack of these controls adds to an overly complex ecosystem. When our available tools are well-known by staff, our ability to deploy and support them is less expensive and less cumbersome than in a complex environment.

The difference boils down to the knowledge our staff can possess to solve issues quickly and the approach and tools they can use. The use of “standards based” machines allows us to get things up and running almost immediately when we encounter issues by swapping one identically set up machine with another. Non-standard machines require more time to troubleshoot, often leaving us to rebuild machines from scratch and risk losing locally saved data. While standards may limit our freedom to use whatever device and software we want, they pay for themselves by reducing complexity, cost and time spent supporting technology. 

Ronin – AWS HPC

Deploying cloud resources is much easier than deploying physical infrastructure to a datacenter – it does not require the purchase and deployment of physical hardware. Many challenges exist, however, for researchers who want to deploy high-performance (HPC) computing clusters to analyze data in the cloud. Those who want to get HPC clusters up and running as quickly as possible without an in-depth understanding of cloud concepts such as security groups and cloud instance operation can look to Ronin. 

Ronin is a simple web application used by several research groups at CUIMC that can easily be deployed on the medical center’s Amazon Web Service (AWS) cloud infrastructure to help quickly deploy HPC workloads at a reduced cost. The Ronin environment allows researchers to worry less about computing infrastructure and focus more on analyzing data to solve the world’s health problems. 
 
Ronin interface is an easy-to-use graphical dashboard that helps create, monitor, and run GPU and CPU HPC workloads. AWS Parallel computing clusters can be created in minutes with a few clicks of a mouse. Today, due to health issues like COVID-19, CUIMC researchers need to accomplish more research in a shorter period to help save lives. Ronin and cloud computing offer them the flexibility to elastically scale compute resources to get HPC workloads completed quickly and only pay for what they use.  

Please contact cloud-services@cumc.columbia.edu if you have any questions and would like to learn more about Ronin and cloud computing at CUIMC.  

Cloud Services 

The Amazon Web Services (AWS) Cloud environment is up and running at CUIMC IT, offering several different environments based on need. Notable advantages include high performance computing, better security and increases in agility and scalability. AWS is built to scale without the limitation of on-prem environments, with servers up and running in minutes rather than weeks. Its use frees us from the upfront cost for hardware and maintenance in datacenter and disaster recovery locations. Datacenter and disaster recovery sites take time to build and are expensive to maintain. The cloud helps us to move to on-demand capacity and flexible consumption with AWS footprint reach and availability. 

This move puts us in the hands of people who provide world-class solutions on a global scale. At the same time, this will help us to increase strategic IT focus for the institution, rather than mundane hardware maintenance. We have 2 main areas of cloud focus currently: our server environment which will be migrated from on-prem, and virtual desktop interfaces (VDIs) to simplify management of desktops, increasing scalability, security, and security quarantine. 

Please contact cloud-services@cumc.columbia.edu if you have any questions and would like to learn more about VMware Cloud and cloud computing at CUIMC.  

Tips & Tricks

• You can increase the font on any website and on most applications by pressing the “Ctrl” and “+” or “command” and “+” keys simultaneously. Pressing “Ctrl” and “0” will reset the font to its original size. 
• Hitting the spacebar while browsing the internet allows you to move the scrollbar down one page. Hitting the spacebar and the shift key will allow you to move the scrollbar up a page.