June 8, 2018

Toby Gouker • Vice President of Strategy

Medical Device Security Starts With An Accurate Inventory

You can’t protect what you don’t know. Getting a handle on the security of your medical and other connected devices in your healthcare facility starts with getting a handle on the inventory. Simple concept, yet why are so many healthcare organizations struggling to get a real accounting of what is being used to serve their enterprise? Many institutions feel they have a grasp on the inventory because they can point to accounting records for purchases. Once their project begins though, they are surprised to learn how inadequate accounting inventories tend to be. Historically, an organization decides to bring in a team of individuals to walk the facility and get an actual physical count of the equipment and its location along with age, operating parameters, and security features.

Today, the path forward to an accurate inventory count can be different. With the advent of big data analysis techniques and machine learning algorithms, vendors are taking advantage of the reams of data that network traffic sniffing tools can deliver and are discerning volumes of information from the data collected on their intranets. Working with small appliances placed on your network, typically at Layer 2, these appliances inspect large volumes of packet communications and run it through a deep machine learning algorithm to discern equipment type, manufacturer, model, operating system and many other factors of interest to clinical engineering and security professionals.

From AWS, BlueFlow and CloudPoint all the way to ZingBox, there are already many vendors who can provide you with an inventory discovery tool to include as part of you medical device security management program. Here are five quick questions you may want to ask to help you find your solution from this rapidly growing list of options:  1) How long have you been providing this solution? 2) How many healthcare deployments have you made? 3) Can you interface with my SIEM and other security management tools? 4) How many appliances will I need to install? 5) Can the solution augment network security architecture?

First is here to help you get answers to these questions and many more as you develop and/or improve your medical device security management program. We can even help you get answers to non-security aspects of these connected asset discovery tools. Given that they are always on and always monitoring device operations, many of these tools can also be put to use by your clinical engineering teams for resource leveling studies, new purchase planning and even reconfiguring maintenance schedules and equipment SLAs.