Pediatric Health Care Provider Ensures Fast Remediation of Device Vulnerabilities

One of the largest pediatric healthcare providers in the United States, serving over a quarter million children across multiple locations each year, had to ensure it could continue to use the most up-to-date techniques and technology to offer complex clinical care.

To do this, they had previously relied on over 5,000 medical devices—including MRI machines, CT scanners, and infusion pumps—that are connected to their network. This network connectivity allowed healthcare teams to share health monitoring data, procedures, and outcomes more efficiently.

At the same time, however, the safety, availability, and accessibility of these devices were at risk. And any interruption of patient care could potentially have dire consequences on healthcare outcomes. If unauthorized persons gained access to a device, they could try to disrupt devices, steal data, or use access to one device to then gain access to other parts of the network.

For most businesses that deal with electronic protected health information (ePHI), compliance with the Health Insurance Portability and Accountability Act (HIPAA) is top of mind. This healthcare provider was no exception, and they wanted to make sure their medical devices were secure, and any issues quickly addressed.

The IT security team recognized that anything connected to the network could pose a risk. The problem was that when the IT security team detected unusual behavior on a device, they struggled to identify the device owner, device make and model, software version, and device location. There was no single device inventory with a common data format, and there was no easy way to normalize the data for consistency.

Remediation was simply taking too long. And when multiple devices were affected, children’s lives could be put at risk.

Executive leaders had increased security scrutiny across the board. The healthcare technology management (HTM) team and IT security team now had to adhere to increased security requirements for connected medical devices as well as data privacy and protection.

To try to safeguard their medical devices, the HTM team initially took a do-it-yourself approach.

They had already purchased a Nuvolo solution that handled device inventory and created and tracked maintenance orders. They had also purchased a device discovery and security monitoring solution. The team was attempting to integrate the two in order to discover network-connected devices and manage software updates and configuration settings, minimizing vulnerabilities and safeguarding the devices from security exploits.

During this process, they realized they needed a more fully integrated solution—one that provided the full context of an affected device or devices when a security event occurred, correlating the event to all other devices and automatically orchestrating the fastest possible response.

They chose Nuvolo OT Security for our fully tested, out-of-the-box integration with their security monitoring solution. With this integration, Nuvolo could meet their functionality requirements, which included orchestration, automation, and real-time response to security events. This enabled them to satisfy leadership scrutiny by quickly addressing device issues.

Nuvolo’s single device inventory replaced their multiple computerized maintenance management systems (CMMS). These systems were not designed for a multi-facility healthcare system or the demands of a mobile-first, network-connected healthcare system. The new single inventory consisted of common data fields with normalized data. This proved critical to ensure security events could be acted on quickly, and that authorized personnel were dispatched to the right location to correct a device issue.

Nuvolo OT Security then provided the ability to automate the creation of work orders against security event records, creating a shared dashboard view for the HTM and security operations center (SOC) teams in the process. We leveraged the healthcare provider’s existing work order management system as a common platform between the IT security and HTM teams, which facilitated communication and coordination.

In addition, we enabled them to correlate security events to other devices and provided contextualization to help them respond more efficiently to alerts and vulnerabilities across multiple devices within the same timeframe.

The IT security team members signed on to use Nuvolo because they would be able to identify security events and reduce false positives, minimizing alert fatigue. We also provided implementation assistance, including tuning of security alerts to further reduce future false positives.

The healthcare technology and security team also had specific reporting requirements for device security events, which we could meet by leveraging our out-of-the-box reports. Our reports can show exactly what security events are taking place on devices so that technicians can prioritize their remediation efforts.