The Achilles Heel in Device Security Remediation 

Jun 03, 2020
By Tony Bailey

COVID-19 disrupted healthcare with cancer screening centers being transformed into COVID-19 testing sites and providers opening more intensive care unit (ICU) capacity. More recently, hospitals have been able to work through a backlog of procedures, prioritizing the sickest patients, but it remains a challenge with periodic COVID-19 surges. 

Ensuring the safety, accessibility, and availability of medical equipment during times of crisis is a top priority.  But medical device security issues can throw a wrench in the works. 

The last thing needed is for a device to be exploited and the device safety or operation disrupted. 

When this happens, it’s critical to have the device security context to make intelligent decisions and reduce patient and financial risk by orchestrating an automated workflow for the fastest possible remediation to correct the device.  

Challenges to Fast Remediation  

In healthcare, thousands of patients rely on life-saving medical devices. It may be an infusion pump delivering critical medication or an MRI machine helping healthcare professionals determine the next course of action. When one of these devices is exploited via a security vulnerability, catastrophic disruption to patient care can occur, resulting in negative patient outcomes.

Device monitoring tools do an excellent job of medical device discovery and security alerting and assessment. They provide some basic device information, but they are not designed to ensure coordinated remediation. That’s because a device security alert needs to be matched to detailed device information, including device owner, device location, the latest software installed, who last worked on the device, and much more. Without that, the time taken to assemble the right people to address the alert can lead to long delays in correcting an affected device. What’s more, in healthcare, a highly regulated industry, only authorized technicians can touch a device.

Know What You Know 

The problem in many healthcare environments is that the information about all these devices is stored in multiple device inventories across many facilities. These inventories may have mismatched or inconsistent data, so the device owner, location, and latest software version recorded in one system can differ from what another system shows.

All of this can result in lengthy delays in assessing all the affected devices and prioritizing which ones to correct first. 

There’s an Alert. Now What? 

If a security event occurs, and the event is eventually matched to all the affected devices, the next problem is orchestrating the people, process, and technology. The device and IT teams need to work together to set up work orders, track the ticket status, and complete the remediation to everyone’s satisfaction. 

However, without a smoothly integrated device monitoring, single device inventory, and work order management system, remediation will take too long to get underway. 

Integration to Achieve Fast Remediation 

Nuvolo OT Cyber Security helps ensure the safety, accessibility, and availability of medical devices.

First, Nuvolo provides a single, trusted inventory system to manage the entire connected device lifecycle.  Regular, ongoing updates to this inventory take place when the clinical engineering team performs tasks such as routine planned or corrective maintenance, provisioning new devices, or installing device firmware or software updates.   

Shared Visibility of the Affected Devices 

Second, when a medical device is connected to the network or an OT cyber security event takes place, Nuvolo receives that information through an automated intelligence hub that uses device and security event information. A rules-based identification algorithm identifies the device or devices that are affected by the event or vulnerability. The key is that both the information security and clinical engineering teams can see the device’s full context. The intelligence hub also helps facilitate full knowledge and visibility of the affected devices including department, device owner, life-saving designation, and many other attributes, as well as the remediation process to be followed.  

Workflow Automatically Assigns Work Orders  

Third, Nuvolo OT Cyber Security will kick off automated remediation workflows that generate rules-based work orders with remediation or patching details and the device’s location in the building. This workflow automatically assigns work orders to an appropriate clinical engineer, information security analyst, or IT resource and tracks the work order’s progress through completion. 

Learn more about the importance of automated orchestration of cyber security remediation workflows, integrated with a single device inventory that’s interfaced with device monitoring tools. 

Visit https://www.nuvolo.com/solution/cyber-security/