Cyber security risk for healthcare systems is pervasive as more medical devices are enabled on the network and susceptible to threats and vulnerabilities. Adverse patient outcomes, loss of patient data and the risk of cyber threats, such as ransomware represent a clear and present danger. Exposure is compounded by the silos that exist between IT, security and clinical engineering. A second key risk vector is the absence of actionable data that limits assessment capability, response time and effectiveness. Unlike IT assets, most medical devices or operating technology are unknown to legacy discovery, monitoring and vulnerability management systems. While new discovery solutions are starting to provide basic medical device information, the security operations team has access to little or no contextual data in the event of published vulnerability or actual cyber security incident.
The incident response process for medical device vulnerabilities typically begins with security operations discovering aberrant or anomalous behavior from an IP and MAC address on the network. The goal is to quickly discover the event, initiate an incident and prioritize, assign, route, track and remediate the affected medical devices.
Unfortunately, there is disparate data and a language barrier within the healthcare system where communication and collaboration are essential to solve the problem. Almost all healthcare systems invest responsibly in traditional IT security tools. These tools protect the network and monitor it for suspicious or anomalous behavior and serve as the eyes and ears for the health system.
At the same time, the healthcare system has multiple CMMS or EAM solutions responsible for providing a contextual understanding of the network connected medical devices such as location data, department and service management history. In the event of a vulnerability or incident, clinical engineering is responsible for identifying and prioritizing internal, service provider or OEM resources to mitigate the risk in a manner that is e icient and timely. Clinical engineering serves as the arms and legs for the health system to ensure remediation is completed or prioritized to the appropriate resources.
A critical disconnect for the health system is the gap in identification mechanisms for the a ected medical devices across these two internal functions. The security operations team sees an IP and MAC address behaving in an anomalous way. The clinical engineering team owns the rich contextual data within multiple CMMS or EAM solutions making it very di icult to verify and match medical device identities. The challenge is building a bi-directional bridge between these two important internal functions and creating a single, trusted source of medical device data.
Nuvolo and ServiceNow solve this problem by creating a single system of record that matches an IP and MAC address identified by ServiceNow to the rich contextual medical device data within the cyber security platform provided by Nuvolo. The integrated solution serves as the brain and directs the arms and legs in clinical engineering to react quickly and accurately to what the eyes and ears are seeing within security operations.
Nuvolo and ServiceNow o er innovative new capabilities by combining powerful cyber security management with an enterprise security response engine to quickly and e ectively mitigate published medical device vulnerabilities or cyber security incidents. The integrated solution is 100% built on ServiceNow and provides a healthcare system with a single platform for full lifecycle security incident identification, assessment and medical device cyber security risk mitigation.
The integrated solution uniquely enables end- to-end medical device cyber security incident creation and remediation process control to protect the health system and its patients. Together, Nuvolo and ServiceNow provide full medical device contextual data, system of action and streamlined remediation workflow, while automating the tracking of security issues and minimizing the risk associated with prolonged medical device identification, risk assessment and remediation.
The bi-directional integration provides for auto-ingress of Security Operations incidents into the Nuvolo platform for contextual enrichment of incident data, risk assessment and initiation of critical notifications and workflows. The result is better, faster and more e ective medical device remediation or deployment of mitigating controls. As both solutions are built on ServiceNow and share a single CMDB, the bi-directional flow of data, reporting and workflow are seamless and 100% integrated.
Better Remediation, Proactive Cyber Planning & Reporting
ServiceNow enables granular usage and parsing of contextual medical device data to inform security operations on the precise nature of a published vulnerability or cyber security incident. The contextual data and workflow from Nuvolo inform remediation, operationalize mitigating controls, drive prioritization and examine the entire medical device inventory. The goal is to fix the problem, but also utilize native matching algorithms to auto-review the inventory data for other at-risk medical devices. Proactive measures can then be taken to avoid cyber security risk in advance of a published vulnerability or incident.
All activities between Nuvolo and ServiceNow are recorded, time and date stamped and available as data for reporting, post-incident review, learning and assessment.
The Nuvolo and ServiceNow integrated solution provides the healthcare system a single medical device cyber security response platform that mitigates risk and facilitates better, smarter and faster response and remediation. The Nuvolo platform with native integration for ServiceNow Security Operations is available from the ServiceNow Store for customers of both ServiceNow Security Operations and the Nuvolo Medical Device Cyber Security platform.
Nuvolo is revolutionizing medical device cyber security by innovating on ServiceNow, the world’s leading enterprise cloud platform. The company’s vision is to be the global leader in cloud-based cyber security for network connected medical devices, powered by a culture of innovation and a relentless commitment to customer service. Privately held and founded in 2013, Nuvolo is headquartered in Paramus, N.J. with o ices throughout the U.S. and internationally in London and Pune, India.
For more information, visit www.nuvolo.com.
ServiceNow was started in 2004 with the belief that getting simple stu done at work can be easy, and getting complex multistep tasks completed can be painless. From the beginning, Service Now envisioned a world where anyone could create powerful workflows to get enterprise work done. Today, ServiceNow’s cloud-based platform simplifies the way we work through a structured security response engine. ServiceNow Security Operations automates, predicts, digitizes, and optimizes security and vulnerability response to resolve threats quickly based on business impact. Reduce manual processes and increase e iciency across security and IT teams. ServiceNow is how work gets done.
For more information, visit www.servicenow.com.