Network failure during critical operations

A 180-bed private hospital in Beirut was operating its entire network on a single aging core switch — no redundancy, no segmentation, no monitoring. When that switch failed during a surgical scheduling window, clinical staff lost access to the HIS, radiology images could not load, and the ICU monitoring software dropped its server connection.

The outage lasted six hours before a local vendor replaced the switch with the same model. Three weeks later, a power surge killed the replacement. The hospital needed a permanent solution, not another patch.

They also had a secondary problem: the network was flat. Every department — clinical, administrative, billing, and the guest WiFi — sat on the same broadcast domain. A ransomware attack on one unpatched workstation in billing would have had direct access to clinical systems. The IT manager knew this. He had raised it three times. No one had acted.

Techaneyat conducted a full site survey across all four floors and the basement server room. We documented every switch, every cable run, every IP address in use — most of which were undocumented.

The architecture we designed had three layers. At the core: two enterprise-grade managed switches in active-passive configuration, connected by a direct fiber link. At the distribution layer: a managed switch per floor, connected to the core by redundant uplinks. At the access layer: PoE switches for IP phones, nurse call stations, and access points.

Network segmentation divided the hospital into six VLANs: clinical systems, administrative, radiology (isolated — DICOM traffic is heavy), guest WiFi, building management, and server infrastructure. Firewall rules between VLANs permitted only specific, documented traffic flows.

For power continuity, we installed a centralized UPS covering the server room and all core network equipment, sized at 150% of peak load to give 45 minutes of runtime, enough for the diesel generator to start and stabilize. We also replaced the aging AVR on the generator.

On the cybersecurity side: next-generation firewall with IPS, EDR deployed on all clinical workstations, and MFA enforced on every remote access account.

The entire deployment ran over three weekends to avoid disrupting clinical operations. We coordinated with the IT manager and department heads to migrate each floor individually.

The network has been live for 18 months without a single unplanned outage. During that period, Lebanon experienced two major grid failures lasting more than 12 hours — on both occasions, the hospital's clinical systems continued operating without interruption.

The cybersecurity posture change is more significant than the uptime number. Within the first 60 days of EDR deployment, the system flagged and blocked four attempted infections — two from USB drives brought in by staff, two from phishing emails that bypassed the previous email filter. None reached clinical systems.

The IT manager now has a live dashboard showing every device, every interface, and every alert. For the first time, the hospital has visibility into its own infrastructure.