Proving the Business Case for the Internet of Things

Kentucky healthcare provider deploys cyber security to protect smart medical devices

Steve Rogerson
September 8, 2015
Saint Elizabeth Healthcare, Northern Kentucky’s regional healthcare leader, has deployed a security system to detect critical cyber vulnerabilities in network-connected medical devices without taking them offline and endangering patient care.
Through this deployment, the IT security team claims to have tackled one of the biggest security challenges in the healthcare industry – securing smart medical devices that cannot be interrupted for active vulnerability assessments.
“Everything we do at Saint Elizabeth, including our security programme, is based on the principle of putting patients first,” said Harold Eder, director of IT infrastructure and security at Saint Elizabeth Healthcare. “CT scanners, MRIs, smart IV pumps – any of these endpoint devices may be running on outdated systems that leave the entire network vulnerable to attack, but you can’t perform traditional vulnerability assessments because taking the systems offline is risky and could diminish patient care.”
The healthcare provider is using the SecurityCenter Continuous View system from Maryland-based Tenable Network Security to gain visibility into medical device security and overall network status through a combination of active and passive scanning as well as advanced analytics. With the system, Eder and his team assess 9600 IP addresses and more than 300 medical device endpoints across five main campuses and more than 60 remote facilities. Continuous network monitoring provides a better understanding of cyber risk for the entire enterprise and allows the security team to focus on the tasks that will have the most impact.
With guidance from HealthGuard Security, an Ohio-based cyber risk management provider and a partner of Saint Elizabeth for more than ten years, Eder chose the system because it delivered the right combination of advanced analytics, real-time reporting and increased visibility into hard-to-see medical devices.
“When I looked at the challenges Saint Elizabeth faced, I knew they needed a comprehensive solution that would help with HIPAA compliance, improve visibility into critical systems and deliver high-level analytics and reporting capabilities,” said Apolonio Garcia, founder and president of HealthGuard Security. “After seeing the success of Tenable’s products with many customers over the years, SecurityCenter CV was clearly the right fit and the best product for Saint Elizabeth.”
Saint Elizabeth Healthcare operates six major facilities throughout Northern Kentucky and more than 110 primary care and specialty office locations in Kentucky, Indiana and Ohio. It is sponsored by the Diocese of Covington and is a member of the Mayo Clinic Care Network.
“SecurityCenter CV gives me a much more holistic view into what my priorities should be, so I spend less time figuring out the problems and more time fixing them,” said Eder. “The best part is that as our network evolves and our security programme matures, we will continue to get additional value out of SecurityCenter CV along with the continued assurance that our infrastructure and patients are well protected.”