Executive Summary
Yale New Haven Health System (YNHHS) is Connecticut’s largest healthcare provider and an internationally acclaimed industry thought leader. To best serve their patients they are constantly seeking to improve enterprise cybersecurity posture. A recent example project of YNHHS leadership in cybersecurity was to harden networked devices of all classes through surveillance. Claroty provided comprehensive and dynamic asset risk scoring, prioritization of remediation workflows and, through unification of analytics, measurable progress indicators. Future project phases, including a Maintenance Management Information System (MMIS) consolidation and Cisco ISE deployment, are now underway.
Challenges
YNHHS has grown primarily through acquisition and consolidation. As such, much of its infrastructure, policy and inventory has been siloed, making it difficult to get a clear view of the “big picture.” With a goal of overcoming these hurdles, leadership pushed for the prioritization of the following goals:
Generate a comprehensive connected asset inventory as a “single source of truth”;
Identify devices that store/transmit PHI and reduce the risk of new vulnerabilities;
Develop system-wide risk management processes that enable more timely, proactive response;
Obtain more dependable information for the analysis of asset utilization;
Strengthen cross-departmental collaboration.
Solution
After a competitive evaluation of the solution market, Claroty was selected. The speed at which Claroty delivered a comprehensive, risk scored inventory caught the attention of project leaders and stoked project momentum. Clinical Engineering and Information Security were provided the data each required. Device OS and Application versions, and details describing device security posture were combined with serial numbers, location histories (via WAP integration) and the network status of each device. Other key project milestones included:
The medical devices that store/transmit PHI were automatically identified and risk scored;
Existing vulnerabilities were identified and correlated to all potentially impacted devices;
Alerting on unauthorized device communications (internal and external) were provided;
System generated remediation instructions were delivered in an actionable, clinical context;
Never-before-seen utilization metrics are now used to improve PAR levels.
Results
Through integrations that are eliminating MMIS redundancies, a common data foundation serving staff across the system is being created. A significant network segmentation project (Cisco ISE integration) that leverages Claroty's device profiling and policy generation capabilities is underway. Device utilization data are now analyzed, especially in radiology, to inform more predictive maintenance and improve patient scheduling. Other care-critical device categories (e.g. ventilators, patient monitors, infusion pumps) are being studied for the same purpose and to improve capital planning.
“Our main goal was to gain visualization of the clinical and medical device categories on our network. Claroty is just as effective in other nonmedical categories of IoT and we prefer how that data is presented separately in their UI. This makes it available to us when we need it, but also easier to prioritize our efforts.”
Joe Ouellette, Clinical Systems Engineer
