One of the many challenges facing healthcare delivery organizations (HDOs) is assessing and managing vulnerabilities for their connected medical devices. Assessing vulnerabilities, confirming exploitability, and identifying risk remediation options are critical for HDOs, as these devices are directly connected to patients. Any exploitation of them can potentially interrupt care delivery or cause serious harm. What makes this more challenging is how scattered the needed information is. Without a single source to look at, HDO staff are left in a reactive mode, calling device manufacturers to receive vendor guidance and insights into remediation options.
Claroty has been working directly with medical device manufacturers (MDMs) to proactively close the communication loops so that HDOs can rapidly assess their fleet and determine the impact of correlated and published vulnerabilities. One of the charter members of this project is Baxter, and at VIVE 2022, we jointly shared how collaboration can help improve cybersecurity for connected medical devices. We plan to expand this collaboration to any willing MDM partners, and the goal is to close the vulnerability management loop between HDOs and MDMs. The project promotes the idea that MDMs can enhance HDO cybersecurity by collaborating with Claroty and leveraging our IoMT cybersecurity platform to proactively communicate manufacturer cybersecurity guidance to HDOs.
Whenever a vulnerability is correlated with a medical device, its dependent operating system, or third-party applications that comprise the medical device system, it takes hours of work for the HDO to confirm exploitability and its impact on patient safety operations. HDOs frequently contact multiple MDMs every week to confirm vulnerabilities, assess risk, and seek manufacturer guidance. The work is scattered, and accurate information can be challenging to obtain at all stages of the device lifecycle. The status quo of disparate vendor security portals is time-consuming, fragmented, and burdensome for HDO teams to self-manage on a reactive, case-by-case basis. These portals often lack a complete system view that includes the operating system, the software bill of materials (SBOM), and the third-party applications present. A new approach is needed.
Being a good cybersecurity partner is a growing part of the symbiotic relationship between MDMs and HDOs. Claroty enhances this relationship by creating a vulnerability management communication loop between MDMs and HDOs. The resulting tech-enabled solution supports sharing at-risk devices with MDMs who can triage and assess the affected devices for exploitability and risk. After the MDM assessment, the vendor can confirm exploitability and offer HDO guidance via the Claroty dashboard. By doing so, we eliminate the manual and repetitive process that HDO teams face today. Now MDMs will know the full impact of published and confirmed vulnerabilities, while HDOs will quickly learn the supported actions they need to secure their devices.
A new and improved workflow replaces the manual approach performed today. Information is aggregated for MDMs and HDOs via the Claroty platform, and an automatic workflow between MDMs and HDOs is created to:
Share Information – Claroty shares potentially vulnerable devices with MDMs
Assess Devices – The MDM product security team assesses vulnerabilities and exploitability
Respond – Claroty reviews MDM guidance and pushes confirmed responses to HDOs
Post-market cybersecurity management requires an ongoing commitment. Collaboration between Claroty and MDMs helps HDOs:
Save Time – Streamline HDO access to manufacturer-confirmed vulnerabilities and guidance to save time and eliminate manual HDO triage, follow-up emails, and calls.
Receive Proactive Communication – MDMs can leverage Claroty’s dashboard to communicate cybersecurity information to multiple HDOs in one fell swoop.
Be Efficient and Productive – Information security teams can be more productive and leaner when Claroty and supporting MDM alliances do the heavy lifting.
Safely Deliver Connected Care – We help providers deliver connected care safely and without disruption by providing insight into risks before they become problems.
We are looking forward to continued collaboration with Baxter and several other MDMs. The resulting security alliance adds value to HDOs and MDMs alike, with participating MDMs differentiating their products and services by leveraging accurate device profiles and distribution information. Moreover, the opportunity to better support HDOs from pre-procurement through end-of-life is welcome news to HDO buyers who want a good partner who understands that cybersecurity is an ongoing commitment.
Those MDMs who participate in the Claroty Cybersecurity Alliance can also become Claroty Certified. This collaboration forms a community that shares a vision for tackling medical device cybersecurity gaps, sharing information and software bill of materials (SBOM), and creating long-lasting value for healthcare providers and organizations.