Large Healthcare Provider Needed Single Data Source and Device Monitoring

A large healthcare provider made up of medical professionals, device technicians, and information technology security teams, working in multiple hospital locations, faced a problem. The doctors, nurses, and technicians use thousands of network-connected medical devices that play a key part in patient care. The process of tracking, sharing, and managing these devices was time-consuming, causing a backlog in patient care. There was no single device inventory to assist with device accessibility and availability. Instead, several systems stored bits and pieces of device information, with little or no common data format.

More importantly, patient safety was a constant concern for the clinical engineering team. But security threats and vulnerabilities, which might cause disruption or data loss on devices, were not top of mind for them. After all, they were not security experts, and their primary focus was device resiliency.  

When the security team detected unusual behavior directed at a device, missing or outdated device hardware and software data meant a mad scramble to identify the device owner, find the device location, understand the context, and correlate the attack to other devices.

Talk to Me: OT and Security 

Two teams were responsible for devices and for security: the clinical technicians, who onboarded and maintained operational technology (OT), and the security team, who monitored and responded to security events. The two teams were barely seated at the same table, with the technicians focusing on device safety, resiliency, and optimal utilization, and the security analysts concerned with protecting information. The other groups who actively use the devices, including the picture archiving and communication system (PACS) teams and the anesthesia team, placed top priority on safety and on knowing what devices are available and where they are located.

It’s Not Enough: Utilization and Security Event Information 

The lack of collaboration between clinical technicians and the security team had two consequences. The device technicians could not ensure optimal device utilization because they had to deal with multiple sources of device data located in legacy systems, files, and spreadsheets. Devices would languish unused in one location while patients were waiting in line for other devices. And, when the security team saw unusual activity targeting these devices, they could see an IP and MAC address, but they had no other device information. This lack of a single trusted data source potentially resulted in device disruption due to security threats and vulnerabilities, where adverse patient outcomes or data loss could occur.  

Safety with Security 

It was time to act 

What was needed was a single platform containing detailed device profiles, with normalized, common data fields, that enabled the entire device lifecycle to be followed. Every time a device was purchased, provisioned, maintained, and retired, this single device inventory would get an update. This platform had to be cloud-based and accessible from anywhere by mobile or laptop devices for field and remote support teams.  

The security team could then correlate this enriched device profile data with security event data in a single intelligence hub. When unusual activity was observed for a device, the security team could see what the device was, the owner, location, last maintenance visit, and the latest software information. This intelligence hub would be built on a platform that would orchestrate and automatically initiate remediation workflows. This would create a work order to dispatch a device field technician or remote support engineer who would respond and correct the impacted device.

Optimize Utilization 

Medical devices are expensive. To optimize return on investment, it’s important they are utilized efficiently.  

The single trusted data store would contain not only device hardware and software profiles but also the latest device usage information. And every time a device underwent routine maintenance, or a service call took place, the device information would get updated into one single source of truth. 

When hospital staff report that patient access to some devices is backlogged, underutilized devices can be located and reassigned from the intelligence hub.

An Intelligence Hub for Device Safety  

With Nuvolo OT Security, the healthcare organization achieved a double benefit. It can ensure device safety along with optimal utilization by having device and security teams operate better together, responding faster to OT device threats while having one platform to observe and optimize device utilization.  

Nuvolo OT Security creates an intelligence hub consisting of a single trusted data store of device information integrated with security events from device monitoring solutions. The device data store replaced the multiple inventories and device records with a single SaaS-based solution. Nuvolo OT Security helps optimize safety, accessibility, and availability by providing context and correlation of security events across all devices. When a security event occurs, the security team not only knows who to dispatch, but they can also prioritize response based on threat risk and the number of devices affected. 

The single system of record is updated every time a device is purchased, arrives at the loading dock, and is set up and provisioned. All of this is done via a web or mobile app. If there is limited network access, the information can be added in the field and then synchronized later.

When device monitoring solutions detect an event, Nuvolo enriches their data with the latest device profile information. Along with the clinical engineer device updates, Nuvolo leverages the latest security information from sources such as the National Institute of Standards and Technology (NIST) vulnerability management data (NVD) along with the device monitoring solution information to help the security team quickly assess the unusual activity. 

Nuvolo then initiates a workflow to orchestrate an automated response that includes work orders to dispatch an authorized clinical technician to respond and work on this device. This response approach includes device tracking and ticketing so that the security team has an up-to-the-minute status on the response progress.

As a result, the healthcare organization can operate devices that are less open to disruption, improving patient safety. With the intelligence hub, the device technicians and security teams have accurate visibility into detailed device information such as location, software and firmware upgrades, or a manufacturer recall.

Nuvolo: A Single System of Record to Drive Maximum Device ROI 

Now that the healthcare organization has a single system of record, with detailed device profiles that include usage and location, they can deploy devices more effectively.   

When a device is overutilized or unavailable, a work order can be initiated to divert patients to an alternative device. This offers a tremendous improvement in device ROI. 

