Nuvolo OT Security Protects Medical Devices, Coordinates Response
Cyber security is a top-of-mind concern for healthcare organizations, especially when it comes to the medical devices that support patient care. In recent years, the vulnerability of connected infusion pumps and patient monitors has been exposed by high-profile ransomware attacks, such as WannaCry, and experts say the risks will grow as Operational Technology (OT) devices (e.g. Medical Devices, Laboratory Devices and Facilities Devices) proliferate.
To address these complex cyber security needs, Connected Workplace provider Nuvolo has introduced its OT Security solution to identify and remediate vulnerabilities in OT devices.
The solution also coordinates the remediation process among key business lines (clinical, IT, and facilities operations) to improve efficiency and keep all stakeholders informed.
Medical Devices have always been key focus for Nuvolo. Its popular Connected Workplace solution, built on the ServiceNow platform, offers hospitals a centralized view of reported issues and scheduled maintenance across support teams, creating “an 'Amazon-like' experience in the workplace to consolidate support and deliver an amazing customer experience," according to Ben Person, VP of Product Marketing for Nuvolo.
→ Healthcare IT Leaders is a Nuvolo Elite Partner. Read the News Release
OT Security is a natural extension of Nuvolo’s core solution, offering a coordinated, centralized management solution for OT and IT security use cases.
“Cyber security is a major concern. It’s pervasive event management and vulnerability management, but it doesn’t need to be complicated,” said Person.
Automated Remediation of Security Threats
Connecting the dots between OT Security and IT Security is critical, according to Person, because many organizations are focused principally on IT use cases, such as network attacks. But IT-centric scanning and monitoring systems may not necessarily identify whether an affected device is a medical device or tell organizations where the device is, or if a patient is currently connected to the device. Absent this information, acting on an alert often requires sending a Clinical Engineer out to physically locate the device for remediation.
“That’s a very manual process oriented around time-consuming human intervention. All while data is leaving the network or a device is being taken over and patient safety is compromised,” Person said. “It’s a major risk for hospitals.”
OT Security enables organizations to identify threats and automate remediation in their mission-critical, non-IT devices. Security alerts are identified through integrations with partners such as Cynerio, Medigate, Asimily, Ordr, Cyber MDX, Palo Alto Networks and ServiceNow Security Operations. These alerts are fed into an intelligence hub, which includes a database of a hospital’s entire set of devices and details – including manufacturer, model number, serial number, location, and the assigned technician.
When an alert is identified for an individual device, OT Security automatically creates a work order, so the clinical engineering team knows exactly which device is affected and what steps need to be taken to remediate the problem.
In the event of a cyber security incident such as WannaCry or 2019's BlueKeep, IT teams can use Nuvolo’s solutions to also identify a threat, quarantine the devices that have been impacted, and patch the devices so that they can quickly return to supporting patient care.
Healthcare IT Leaders was one of the first consulting firms to join the Nuvolo partner network and recently advanced to Nuvolo Elite Partner Status. If your organization is looking to better secure medical devices or to centralize asset management solutions, contact us today to learn how we can help.