How one health system tightened security

'I spend less time figuring out the problems and more time fixing them'
By Bernie Monegain
11:01 AM
Share
Cyber padlock

St. Elizabeth Healthcare in Northern Kentucky has added security muscle targeted at its network-connected medical devices by rolling out technology that monitors the devices for cyber vulnerabilities.

The health system tapped Tenable Network Security for nonstop network monitoring via the company's SecurityCenter Continuous View, which makes it possible to keep watch over the devices without taking them offline.

Through this deployment, hospital executives say, St. Elizabeth's IT security team has tackled one of the biggest security challenges in the healthcare industry – securing "smart" medical devices that cannot be interrupted for active vulnerability assessments.

"Everything we do at St. Elizabeth, including our security program, is based on the principle of putting patients first," Harold Eder, director of IT infrastructure and security at the hospital, said in a news release. "CT scanners, MRIs, smart IV pumps – any of these endpoint devices may be running on outdated systems that leave the entire network vulnerable to attack, but you can't perform traditional vulnerability assessments because taking the systems offline is risky and could diminish patient care."

St. Elizabeth's security team uses Tenable's SecurityCenter CV to gain complete visibility into medical device security and overall network status through a combination of active and passive scanning as well as advanced analytics. With the technology, Eder and his team assess 9,600 IP addresses and more than 300 medical device endpoints across five main campuses and more than 60 remote facilities. Continuous network monitoring gives Eder a better understanding of cyber risk for the entire St. Elizabeth enterprise,  and it gives him the opportunity to focus his security team on the tasks that will have the most impact, he added.

[Sign up for the new Healthcare IT News Privacy & Security Update.]

With guidance from HealthGuard Security, a cyber risk management provider and a partner that St. Elizabeth has worked with for more than 10 years, Eder said he chose the platform for St. Elizabeth because it delivered the right combination of advanced analytics, real-time reporting and increased visibility into the health system's hard-to-see medical devices.

"When I looked at the challenges St. Elizabeth faced, I knew they needed a comprehensive solution that would help with HIPAA compliance, improve visibility into critical systems and deliver high-level analytics and reporting capabilities," said Apolonio Garcia, founder and president, HealthGuard Security, in a statement. "After seeing the success of Tenable's products with many customers over the years, SecurityCenter CV was clearly the right fit and the best product for St. Elizabeth."

The platform, as Eder continued, "gives me a much more holistic view into what my priorities should be, so I spend less time figuring out the problems and more time fixing them," he said. "The best part is that as our network evolves and our security program matures, we will continue to get additional value out of (the platform) along with the continued assurance that our infrastructure and patients are well protected."

St. Elizabeth Healthcare operates six major facilities throughout Northern Kentucky and more than 110 primary care and specialty office locations in Kentucky, Indiana and Ohio.