An Extensive Network of Connected Devices With more than 30 community and school-based clinics, this hospital system provided care for over one million patient visits a year. Part of this care involved over half a million radiology exams, over 20,000 surgeries, and over 200,000 emergency visits. The sheer scale of this system relied on over 15,000 medical devices about half of which were network-connected and included infusion pumps, X-ray machines, and MRI and CT scan equipment. Any interruption in the availability or accessibility of these devices could have serious impacts on patient care and healthcare outcomes. A Major Security Challenge The network-connected devices enabled the healthcare teams to share health monitoring data and the clinical engineering team to perform remote maintenance. But with network connectivity came increased risk to the safety, availability, and accessibility of these devices. If unauthorized persons exploited vulnerabilities in device software or settings, they could disrupt the operation of the device or steal sensitive patient data. This healthcare provider wanted to make sure their medical devices were secure and that any issues were quickly addressed. Originally, the healthcare technology management (HTM) team had two separate device inventories, neither of which was interfaced with the other. They recognized the need for a single device inventory so they could track all devices for their full lifecycle in a consistent way, with common data fields. So they implemented the Nuvolo Maintenance solution. With this solution, there was detailed information captured about device owners, device make and model, software version, and device locations. The solution ensured unregistered devices added to the network outside of the intake process were identified early on. The hospital system quickly understood that to ensure their devices were safe, accessible, and available, they needed to add cyber security-specific features such as device discovery, monitoring, bi-directional data integration, and security risk scoring, all integrated with this single inventory. Just having an interface between an inventory and monitoring was not enough. That approach would provide useful information, increasing the accuracy of device information, and would allow the HTM to make basic decisions such as determining if a security event was targeting a specific device. But what was needed was a fully integrated inventory, device monitoring, and automated orchestration workflows to accurately share data across teams in a manner that could align processes and remediation. With this, they would gain the security context needed to collaborate with others to make intelligent decisions and reduce risk. Finding the Solution They turned to Nuvolo OT Security, enabling them to correlate security events across devices and automate orchestration with the Nuvolo work order management system to help perform more efficient mitigation on alerts and vulnerabilities. Nuvolo’s security event correlation minimized the overhead of having to analyze, match, and contextualize events across multiple inputs such as NIST (NVD, CPE), MITRE (CWE), and monitoring partners. This correlation helped them prioritize and remediate vulnerabilities and security incidents faster by not having to manually decipher and match numerous data sources. The final piece to complete their device security solution was critical. They needed to make sure that they had an automated process to create work orders against security event records, and they needed to create a shared dashboard view for the HTM and security operations center (SOC) teams in the process. To do this, Nuvolo OT Security leveraged the healthcare provider’s existing Nuvolo work order management system as a common platform between the IT Security and HTM teams, which facilitated the communication and coordination. Learn more about Nuvolo OT Security. Share
