The health system receives threat intel feeds to notify it of critical risks, Parchinski adds. Then, the IT security team takes steps to address the vulnerabilities.
By using Medigate, Yale New Haven Health reduced the time required to receive notifications of infusion pump vulnerabilities. Previously, it would take a couple of weeks to receive a notification; now, they come the same day, according to Stanton.
In addition, Medigate provides a centrally managed view into critical vulnerabilities to help with the IT security team’s decision-making. In the past, Yale New Haven Health would shut down a port and take two days to find where a vulnerability was connected. That time has been reduced to within an hour, according to Parchinski.
To view the big picture of threats, Yale New Haven Health IT leaders prefer a multiscreen setup to tracking threats on their mobile devices. The 24/7 security and network operations center uses large HP screens. “It would be tough to manipulate what you need to do on a mobile screen,” Parchinski says.
Stanton does receive text alerts from his security and network operations center on an Apple mobile device. Although he prefers Android’s open platform, Apple mobile devices have worked out better from a security perspective, he says.
Franciscan Alliance Maintains Awareness Through Passive Scanning
Similar to Yale New Haven Health, Indiana-based Franciscan Alliance also finds tracking medical devices challenging. Information Security Officer Jay Bhat is responsible for securing about 13,000 medical devices.
“We spend a lot of time partnering with our clinical engineering teams to make sure that we understand the devices on our network, the different versions that we have,” Bhat says.
The IT team works with clinical engineering and, in many cases, the device manufacturers to patch and upgrade the devices.
To manage device inventory and maintain situational awareness of its network, Franciscan Alliance uses the Ordr Connected Device Security platform. Ordr’s sensors attach to network ports at Franciscan Alliance, and the platform’s dashboard provides visibility into the categories of devices on the network.
For example, Bhat can opt to view IoT devices as well as subcategories, such as types of mobile phones and operating systems. Bhat can also view the versions of medical devices and data related to them.
Although medical device manufacturers usually disclose vulnerabilities, Ordr provides this information as part of a “single pane of glass for all devices on our network,” Bhat says.
Ordr also offers a risk rating to let health systems prioritize vulnerabilities. Franciscan Alliance uses machine learning to spot unusual data patterns, Bhat says.