Right now there are some 400 million connected clinical devices in use globally, and the Internet of Medical Things (IoMT) is forecast to be a $63 billion industry by 2024, as reported in a recent article from Mordor Intelligence. The healthcare organizations we have been talking with are struggling to keep up with monitoring and managing these devices. Based on discussions with different healthcare providers, we have identified some industry best practices that we want to share with Healthcare Technology Management (HTM) professionals.
Challenges for Cyber-Security Related to Clinical Devices
With the proliferation of smart, connected clinical devices, HTM teams are entering uncharted territory when it comes to cyber security risks. We discovered that the steps healthcare groups are taking can be grouped into a phased approach for endpoint cyber security, which is outlined below. Some organizations are further along their maturity roadmap for managing cyber security, but most of the ones we talked with are on a similar path.
Phase 1: Inventory Tracking for Connected Devices
The first phase we identified as the logical starting point on the maturity path for all health care organizations is inventory tracking. The lack of an up-to-date and accurate inventory of connected medical devices makes it extremely difficult to segment the assets managed by HTM teams from the other IT-supported devices.
A hospital might have thousands of medical devices of different types in deployment, so without a robust and low-touch inventory management process, administrators are unlikely to know which devices need to be updated to remediate new vulnerabilities or where those devices are located. Implementing a holistic approach for tracking ALL devices is paramount, and that includes the business process of onboarding new equipment so that each medical device is tracked as soon as it is put into production on the hospital floor.
The health care organizations we spoke with all started with a full-scale audit and utilized a modern CMMS application to store the relevant information for their connected devices including IP addresses, MAC addresses, operating system, device category, manufacturer, model, current patch level, etc.
Phase 2: Device Vulnerability Identification and Remediation
The second phase on the maturity path of cyber security management relates to the identification of necessary updates to existing devices based on new security notices and recommendations. New vulnerability reports from the FDA, RASMAS, ECRI, NVD or directly from manufacturers provide the actionable updates that are necessary for matching devices connected to a hospital network.
Using a standard search and filtering model within your modern CMMS solution, you can identify all medical devices that match specific criteria requiring attention. Once the list of matching devices is identified, it can be used to create associated work orders and assign them to HTM technicians to perform the necessary security updates.
By feeding published security alert lists into your CMMS system you may be able to generate clinical maintenance events that will find any matching devices and create the associated remediation work orders immediately (see examples above).
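The matching step described in Phase 2, as an added sketch that is not Nuvolo's API or code from the original article: it matches one alert record against inventory rows and emits work orders, including the case where the audit never recorded a patch level. The record layouts, field names, vendor, models, advisory id and addresses are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:              # fields mirror the audit data listed in Phase 1
    asset_id: str
    manufacturer: str
    model: str
    patch_level: Optional[str]   # None: never captured during the audit
    ip: str
    location: str

@dataclass
class Advisory:            # hypothetical, simplified alert record
    advisory_id: str
    manufacturer: str
    model: str
    fixed_in: str          # first patch level that contains the fix

def norm(s):
    # Vendor feeds and hand-entered inventory rarely agree on case/spacing.
    return " ".join(s.lower().split())

def ver(v):
    # Compare numerically so that "2.10" sorts after "2.9".
    return tuple(int(p) for p in v.split("."))

def work_orders(inventory, adv):
    orders = []
    for d in inventory:
        if (norm(d.manufacturer), norm(d.model)) != (norm(adv.manufacturer), norm(adv.model)):
            continue
        if d.patch_level is None:
            action = "VERIFY"    # unknown patch level: send a technician to check
        elif ver(d.patch_level) < ver(adv.fixed_in):
            action = "PATCH"
        else:
            continue             # already at or beyond the fixed level
        orders.append({"advisory": adv.advisory_id, "asset": d.asset_id,
                       "action": action, "location": d.location})
    return orders

# Constructed sample data (vendor, models, ids and addresses are made up).
INVENTORY = [
    Device("HTM-0001", "ExampleMed", "InfusePro 200", "2.9", "192.0.2.11", "ICU-3"),
    Device("HTM-0002", "EXAMPLEMED", "infusepro  200", "2.10", "192.0.2.12", "ICU-4"),
    Device("HTM-0003", "ExampleMed", "InfusePro 200", None, "192.0.2.13", "ER-1"),
    Device("HTM-0004", "ExampleMed", "VitalsView 5", "1.0", "192.0.2.14", "ER-2"),
]
ADVISORY = Advisory("ADV-PLACEHOLDER-001", "ExampleMed", "InfusePro 200", "2.10")
```

Devices with no recorded patch level get a VERIFY order rather than being silently skipped, which is where an incomplete Phase 1 audit would otherwise hide affected equipment.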
Phase 3: Real-Time Device Security Monitoring and Automated Corrective Remediation
The most advanced cyber security management organizations that we talked with have made it to this final phase. They have designed and implemented real-time device monitoring for security alerts and merged it with automated remediation processing. By leveraging third-party monitoring solutions that integrate with their CMMS, these healthcare organizations have essentially closed the loop on determining the risk of a cyber-attack and implementing the remediation necessary.
Moving to full-service protection for business continuity means obtaining actionable data on security threats, understanding the risk, and swiftly executing on remediation. Without understanding the traffic flowing to and from medical devices through your network, problems are liable to go undetected. And that’s where these amazing, real-time monitoring solutions aid by using artificial intelligence (AI) techniques to determine the risk of a successful attack and recommend mitigating actions by feeding that information to a modern CMMS. Four examples of these real-time monitoring solutions include:
- Asimily
- Medigate
- ORDR
- Zingbox
Summary and Conclusion
The expansion of connected medical devices is not slowing down. Using a modern CMMS solution like Nuvolo will assist with the roadmap to a mature cyber security management model in order to:
- Reduce the complexity of tracking, analyzing and maintaining accurate device inventory
- Automate the remediation of security issues from known threat publications by device model
- Enable real-time security threat identification and automate remediation tasking
The extensive and accelerating use of interconnected medical devices means specialized tools and updated management processes are required, which, along with basic cyber security hygiene, will help prevent breaches altogether. As such, managing cyber security for connected medical devices isn’t an option but a necessity for hospitals. To help ease the burden on HTM teams, we have included many useful security compliance reports as templates within the Nuvolo toolset.
For more information, please reference our web page for cyber security or download our recent white paper.
https://www.nuvolo.com/solutions/cybersecurity
https://www.nuvolo.com/resources/cyber-security-eam-whitepaper