About

TechNation is the primary monthly magazine and ultimate resource guide for over 12,000 medical equipment service professionals. Its diverse editorial and information helps biomedical, HTM, imaging and I.T. professionals keep their finger on the pulse of the healthcare technology community, helping advance their careers and further their profession.

Cut, Coag, and Compliance: A Practical Guide to Electrosurgery Testing | April 29
TechNation.TV | HTM Jobs | Right to Repair | Advertise
Subscribe

[Sponsored] A Medical Device Cybersecurity Success Story

4 Mins Read

Sponsored by Nuvolo

A Medical Device Cybersecurity Success Story

By Leslie O’Connell

Leslie O’ConnellIf you time-traveled from 1920, today’s medical devices would seem like something out of a science fiction novel. We can only imagine what life-saving devices will look like in the next 100 years; I’m sure they’ll be amazing, and I’m sure humankind will have fixed the cybersecurity problem by then.

But for now …

Cybercriminals are upping their game; attacks are now common occurrences. So much so that the FDA and DHS regularly issue warnings of potential vulnerabilities with common devices.

How do you build a robust medical device cybersecurity program across your health care organization? Here’s how.

Children’s Health Care

Our customer is one of the largest and busiest children’s health care systems in the U.S. They rely on thousands of network-connected devices to care for the 250,000-plus children they treat each year.

They needed to protect these devices. They needed a fully mature medical device cybersecurity solution. A solution complete with orchestration, automation and real-time response management.

Innovative Medical Device Cybersecurity Solution

Nuvolo is a modern CMMS with a robust medical device inventory and history database. We wanted to make sure that the medical devices our solution tracks and maintains are also protected.

First, we integrated our data-rich CMMS device inventory database with IoT security and medical device monitoring tools. Then, we built a medical device cybersecurity control center, complete with automation, discovery and tracking.

Our solution is designed for SecOps, IT, clinical engineering and facilities to work together, and designed for each to get the information they need from the system.

We act as a translation layer, pushing monitoring solution security event data through our cybersecurity tool to enrich those events. Whether it’s a vulnerability, active exploit, discovery event or utilization event – we track, automate and enhance orchestration.

Our console consists of two main queues EAM and EAM Security.

EAM queue

The EAM queue is the starting place for all the data and where the automation happens. It’s the translation layer; all events – discovery, utilization, security – are feed through key records for each event type.

All the device data is also coming through with the different attributes, you’ll want to take further action depending on those attributes and the event data.

That’s where action scripts come in; they are the rules and workflows created to drive automation. The action scripts are specific to each event type and they automate the work required to keep devices safe.

EAM Security Queue

The EAM Security Queue is your proactive security monitoring tool. It tracks what threats have been found in your medical device fleet, what you’ve done so far about those threats, and provides the data to monitor for new threats.

Here’s an overview of each section in the queue:

  • Assessments allow you to proactively compare your devices against Manufacturers Disclosure Statement for Medical Device Security (MDS2) data. It’s checking for devices that are missing key features of MDS2 guidelines.
  • Exploits list the security events and affected devices in your medical device fleet. You’ll see what threats or vulnerabilities were found, what’s been remediated and what’s still actively being worked.
  • Vulnerabilities automatically capture data from national vulnerability databases, like the FDA or ECRI, and uses that data to check against all network medical devices for proactive remediation workflows.
    • Cyber Security Dashboards give you feature rich, drill-down capable dashboards and reports. Here are some examples:
    • Security Event Dashboard: See the details of security events from the moment they hit the system to complete remediation.
    • Vulnerability Dashboard: Track vulnerabilities and see what was done and what steps you are taking to prevent an attack.
    • Manufacturers Vulnerability Dashboard: Understand which manufacturers and devices are opening you up to the most risk.

Our customer, the children’s health care system, implemented Nuvolo’s cybersecurity solution. Those medical devices being used to treat 250,000-plus children each year are more secure than ever from cyber threats.

For more information about Nuvolo OT Cyber Security to enable your health care organization to have a single device inventory, device monitoring and orchestrated remediation for security events. Visit https://www.nuvolo.com/solution/cyber-security/.

Leslie O’Connell is a Senior Content Specialist with Nuvolo. Nuvolo is the global leader in modern, cloud-based Connected Workplace solutions.

Share.

Related Posts

Add A Comment

Leave A Reply

X