Case study: Cybersecurity, hybrid cloud spur St. Joseph’s Health data center upgrade

This article is part of a VB special issue. Read the full series here: The future of the data center: Handling greater and greater demands.

When Jesse Fasolo joined St. Joseph’s Health nine years ago, the Paterson, New Jersey-based medical institution was easily 10 to 20 years behind when it came to digital transformation. 

“In healthcare in general, budget is always a concern,” said the healthcare company’s information security officer and head of technology infrastructure and cybersecurity. “That led to the environment being so behind-the-times: the lack of implementation, lack of investment in new technologies.”

Eight years later, St. Joseph’s has gone through two full transformations, completely overhauling its data center and dramatically improving compute and storage capabilities (not to mention now leveraging AI and exploring a hybrid cloud future). 

“We had spinning discs, a large footprint, large power-hungry infrastructure that we have since consolidated,” said Fasolo. “Now I could put the data center in my dining room.”

A complex, cobbled-together data infrastructure environment

Tasked with bringing St. Joseph’s Health into the 21st century, Fasolo began by immediately analyzing all of its network technologies. 

The biggest issue, he said, was the complexity of the data infrastructure environment. There were multiple storage areas from multiple providers, some in support, some out of support. 

“Technology in general needs to be simple for people to manage it,” Fasolo said. 

Naturally, downtime is a big concern in healthcare, as it has a direct impact on patient care. In this regard, he likes to say that “minutes matter.”

Daily issues with system performance slowed down clinicians and IT staff, he explained, and it was almost impossible to leverage real-time data for patient care. Furthermore, Fasolo estimated that it would take 247 days to recover from a ransomware attack.

“We battled fires every day just to keep systems running,” he said. “Something as simple as a mass email with a PDF could cut into performance, keeping patients waiting to be admitted or doctors waiting for lab results.”

Flash-forward, active-active

After his initial assessment, Fasolo started examining tools that could increase uptime and provide flexibility while also being cost-conscious — because, as he put it, “How do you buy and acquire technology when you don’t have many funds?”

He ultimately settled on Pure Storage. The data storage hardware and software provider helped St. Joseph’s upgrade its storage and compute environments and eliminate all storage with spinning discs. “We are now a totally flash-forward, flash environment,” said Fasolo. 

The facility also did an “active-active” deployment five years ago. This data resiliency architecture distributes workloads across two or more nodes in a cluster to keep data safe and available in the event of an unexpected component failure. 

Additionally, St. Joseph’s is now able to use AI. In radiology, for instance, AI reads images, identifies anomalies and makes recommendations to specialists to help improve read accuracy and hasten treatment. At an operational level, the healthcare facility is able to query live data to track revenue trends, hospital utilization rates and patient status. 

Fasolo pointed out that the St. Joseph’s–Pure Storage partnership has enabled the healthcare facility to buy in smaller quantities and undertake deliberate, continual growth. St. Joseph’s typically performs a large annual expansion of data storage and capabilities based on trends. Currently, it is going through another iteration of compute and server upgrades.

A security-aware data center

When it comes to cybersecurity, “aware is a key word,” Fasolo said. 

It is critical to understand what could happen and plan accordingly, he said. Pure’s cybersecurity tools allow lock and two pin codes, and St. Joseph’s uses “MFA (multi-factor authentication) for everything we can.”

Should an attack occur, the healthcare facility can recover using immutable snapshots. The facility performs daily backups and snapshots every 15 minutes; the latter can be easily referenced if a bad actor attempts to do anything malicious.

“We have multiple layers of security defense,” said Fasolo.

Improving performance and reliability — and most importantly, patient care

Across the board, St. Joseph’s has seen improvements in performance and reliability for clinical applications. Interruptions to hospital operations and patient care have been minimized, and clinicians can access medical data in seconds to reduce wait times.

Email backups take two hours instead of four days, and users’ login times have been reduced from minutes to seconds.

Fasolo pointed out that “most clinicians and healthcare workers on the front line are not concerned with technology on the backend data center.” However, they are aware of significantly decreased outages and downtime, and they are “appreciative that technology is sustaining them and allowing them to work efficiently.”

Leveraging hybrid cloud

Looking ahead, Fasolo plans to move some workloads to the cloud, notably to archive data for compliance purposes. 

The trend in healthcare is toward “cloud-capable, cloud-hybrid” tools, he noted. Having hybrid storage and cloud block storage will allow St. Joseph’s to continue to use on-premise storage and compute while also having the option to go to the cloud to lower costs (compared to migrating all workloads to the cloud). Ultimately, this would provide another layer of recovery if the facility had an issue and needed to recover storage.

“Management and migration is something we’re after,” said Fasolo. “We need to have it as simple as can be, allow for automation where possible. When you put in something too advanced, you need more staff, more training and development, all of which will lead to burnout, failure, maintenance issues.”

Getting buy-in: Emphasizing business outcomes, not technologies

Healthcare is notoriously slow when it comes to digital transformation because of concerns around data privacy and compliance, among other factors. Getting buy-in from senior leadership is critical — but it must be approached the right way, said Fasolo. 

“Any leader in technology, infrastructure and security needs to align with the business, befriend senior leaders and explain in business terms what the investment will do for the entire company,” he said. 

A new data center tool can’t just be seen as a hardware or software product or explained in technical terms. Instead, IT leaders should lay out how technology can support strategic roles.

“When you start changing tone from a hardware IT purchase to enabling a company’s purpose, people start listening,” he said. 

From there, it’s important to show tangible performance, sustainability and improvements in efficiency to build trust. That can snowball into support for future initiatives. 

Fasolo also advised IT leaders to assess multiple vendors and go through proof-of-concept and implementation planning with vendors themselves — not resellers. The best partners provide not only technology tools but quick response and turnaround and remote and in-person support, he said. 

Ultimately, in healthcare, it all comes down to expanding patient care capabilities, Fasolo emphasized. That means improving time efficiencies, eliminating deficiencies and decreasing the time required to maintain IT environments.

“If I can make a physician or clinician’s capabilities faster, it obviously helps me sleep at night,” Fasolo said, “and it also allows me to help the facility maintain its mission.”