Improved Medical Device Security with Out-of-the-Box Integration

The Challenge

A regional healthcare organization with over 15,000 healthcare professionals and more than 3 million patient visits a year relied on thousands of network-connected medical devices for patient care. The data generated by these devices was used to derive better and lower-cost patient outcomes.

Network connectivity also enabled the clinical engineers who maintained the devices to deliver better maintenance. But there was a concern that medical device vulnerabilities posed a security risk: a successful exploit could cause disruption that affected safety and reputation.

The healthcare technology management (HTM) team wanted to reduce their risk by identifying their network-connected medical devices while watching for exploits and recalls.

The Problems with Their Legacy System

The HTM team had invested in a computerized maintenance management system (CMMS) to try to capture all the devices used in the organization. The problem was that with thousands of devices constantly being added, moved to other locations, and then retired, it was hard to keep track of them all. The CMMS was also not designed to be accessed via the cloud or from mobile devices such as smartphones.

The HTM team initially purchased a medical device discovery and security monitoring tool in the hope of integrating it with their legacy CMMS. However, that proved to be a problem: the tool was implemented as a siloed medical device monitoring solution with no integration with their CMMS. And, due to the complexity of their CMMS, integration was not going to happen without a major customization effort. Their limited budget and stretched resources made such an effort impractical.

Thus, quickly matching security events with affected devices continued to be a problem. When the security team saw unusual activity targeting medical devices, all they could see was an IP and MAC address; they had no other device information. They therefore struggled to build and manage an OT device security solution that included the ability to quickly remediate device issues once a security event was identified. In addition, with thousands of devices to manage, it would only take one successful exploit to potentially cause disruption throughout the organization.

How Nuvolo Helped

Nuvolo OT Security solved their problems. Our out-of-the-box integrations with their existing device discovery and security monitoring tool proved a game-changer. With Nuvolo Connected Workplace, they could replace their legacy CMMS. Our SaaS-based solution provided a single trusted data source that was updated every time a device was purchased and provisioned. All of this was done via a web or mobile app from any location.

With Nuvolo OT Security, the healthcare organization achieved a key benefit: our solution ensured device safety by enabling the device and security teams to respond faster to OT device threats. The solution integrates the single inventory with security events, creating an intelligence hub. With this, we could lessen risk by providing context and correlation of security events across all devices. When a security event occurs, the security team not only knows who to dispatch, but can also focus the response based on threat risk and the number of devices affected.

When their security monitoring solution detects an event, we enrich the event data with the latest device profile information. We leverage the latest security information from sources such as the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) to help the security team assess the unusual activity. We then orchestrate an automated response with a workflow that includes work orders to dispatch an authorized clinical technician to respond and work on the device. This response approach includes device tracking and ticketing so that the HTM and security teams can see when the device is corrected.

As a result, the healthcare organization can operate devices that are less open to disruption, improving patient safety. With the intelligence hub, the device technicians and security teams have accurate visibility into detailed device information such as location, software and firmware upgrades, or a manufacturer recall.

Along with OT Security, Nuvolo Connected Workplace met their other clinical and facilities requirements, which included the ability to pull together device records, work order history, service contracts and parts information all in the same, reportable platform.