Medigate Digital Supplement


Vol. 11



Turn Device Data into Possibilities

Simplifying Device Management and Security with Medigate

DIGITAL SUPPLEMENT

FEATURED INSIDE
• Where There’s Data, There’s Opportunity
• Hidden Opportunities to Cut Costs & Improve ROI
• Video: What’s Next for the Cybersecurity of Health Systems
• What Happened When Torrance Memorial was Tested by Urgent/11
• Data Unites Biomed, IT & Security
• Complete Device Data, Endless Possibilities

DISCLAIMER: MD Publishing (TechNation) takes every precaution to ensure accuracy of content; however, the information, opinions, and statements expressed in the articles and advertisements herein are those of the writer and/or advertiser, and not those of our company.


In today’s dynamic healthcare environment, managing medical devices is increasingly complex. With more devices than ever moving around the health system, particularly with the explosion of Internet of Medical Things (IoMT), biomed and clinical engineering teams have their hands full. They need to simultaneously manage the lifecycle of all their assets to increase their return on investment (ROI), improve operational efficiencies, and optimize the delivery of patient care, while ensuring compliance (the average healthcare system has to comply with 629 regulations).

Unfortunately, the information they need is often elusive and time-consuming to get. Forty percent of biomed’s time is spent on low-value tasks like searching for equipment. Most have to invest in and then rely on manual data entry into their computerized maintenance management system (CMMS) to keep track of their assets, which is error-prone and typically incomplete. This makes it extremely difficult to make informed decisions around procurement, deployment, maintenance and management to ensure the inventory is able to deliver on all the hospital’s safety, efficiency and availability requirements. Medigate can help.

REAL-TIME VISIBILITY TO SIMPLIFY DYNAMIC ASSET MANAGEMENT

The Medigate platform automatically discovers all the connected medical devices in a hospital system, providing biomed and clinical engineering teams an accurate, comprehensive real-time inventory of all their assets that can inform their decision-making. The inventory includes details on the device’s make, model, serial number, communication protocols, embedded software versions, as well as location and utilization data. This ensures organizations have all they need to make data-driven decisions that improve the efficiency of their operations, while maximizing the delivery of patient care.

HOW MEDIGATE SOLVES BIOMED CHALLENGES

ENHANCE CMMS VALUE
The CMMS is typically the main source of information for managing the lifecycle of medical devices. Medigate integrates with the CMMS platform to provide real-time medical device related analytics that help biomed teams make more informed decisions around utilization, procurement and maintenance, while streamlining their operational processes. As soon as Medigate discovers a device or detects a modification, it automatically logs this information in the CMMS, enhancing asset inventories to ensure effective service management and automating tasks that free the team from manual, time-consuming processes.

IMPROVE PROCUREMENT
It can be tough to plan for the future without a real-time picture of what assets the hospital has now and how those assets are being used. Medigate provides visibility into exactly what devices are where and how frequently they are being used to improve procurement planning and ensure appropriate periodic automatic replenishment (PAR) levels are maintained. This helps healthcare organizations avoid both costly rush orders and overprovisioning (supply hoarding), enabling them to better plan for a steady state of care delivery.

SCHEDULE MAINTENANCE
Due to a lack of information on device utilization, biomed and clinical engineering teams often schedule maintenance based on specific timeframes (every six months, every year). Devices that are over- or underutilized may not be getting the maintenance they need to extend their life and ensure optimal performance. Medigate enables teams to plan and track maintenance based on usage instead of time, enabling the hospital to move from preventative to predictive maintenance to be more effective. Hospitals can improve the reliability and availability of the devices, preventing downtime from equipment failures, while dramatically reducing labor hours.

SCHEDULE PATCHES
Staying on top of every cybersecurity vulnerability and patch is a critical but challenging task. Often teams have little to no visibility into which devices have the software that makes them vulnerable to exploit, nor do they have an understanding of the relative severity of a vulnerability to effectively prioritize efforts. Medigate pulls in alerts on vulnerabilities and patches, highlighting them in the dashboard to help biomed teams understand their environment’s exposure. Medigate displays operating system and application version data for each device, as well as alerts about available new software versions, patches and CVEs relevant to a hospital’s current inventory, so teams know exactly what needs to be done and can schedule patches accordingly.


OPTIMIZE DEVICE UTILIZATION
Most hospitals have 25% more devices than can be used at one time, so it’s probably not shocking the average utilization of medical devices in a hospital is 42%. This means there is plenty of room for improvement. Medigate provides the real-time visibility needed into which devices are online/offline and how they are performing to improve planning and decision-making around their utilization. For example, how many scans a CT runs in an hour, day, week, and month can be tracked to identify patterns and opportunities to redeploy that device or adjust patient flows to maximize the return on investment.

PURPOSE BUILT ASSET MANAGEMENT PLATFORM FOR MEDICAL DEVICES
Medigate developed its device security and asset management platform to address the specific problems medical devices represent for healthcare delivery organizations. Medigate Labs has invested in documenting medical protocols and mapping clinical workflows to build out the largest, most complete medical device database in the industry. As a result, Medigate can provide hospitals the details they need, including: the manufacturer, make, model, protocols, embedded software, and workflows (clinical context) of each device, as well as its location and utilization, to make better procurement, management and maintenance decisions.

HOW TO OPERATIONALIZE DEVICE DATA TO DELIVER NEW VALUE
The granular visibility that Medigate delivers enables hospitals to understand what is in their environment and how those devices are being used, so they can:
• Maximize device deployments to improve return on investment
• Track devices to ensure the efficiency of care
• Examine historical trends to build out long-term inventory management strategies and optimized procurement, patching and maintenance schedules
• Operationalize PAR level reductions

Simplify every aspect of the asset management lifecycle
Automating the discovery of devices in the environment and providing real-time visibility at the level of detail needed to make better procurement, maintenance and management decisions.

Reduce costs
Reducing unnecessary capital expenditures and improving procurement and PAR level management.

Increase operational efficiencies
Eliminating manual processes and time-consuming practices, even as the scope and complexity of the health system grows.





CYBERSECURITY OF HEALTH SYSTEMS

NEXT-GENERATION DEVICE SAFETY AND SECURITY PROTECTION
TRIMEDX and Medigate are delivering an integrated solution that merges the TRIMEDX CAM Advanced and CYBER Advanced solutions with Medigate’s real-time visibility, utilization data and threat/vulnerability detection. Through this partnership, Medigate and TRIMEDX address device safety and security monitoring, threat detection and remediation in a closed-loop system, marrying best-in-class industry expertise in both technology and people. Medigate’s platform continuously reviews network activity, quickly identifying anomalies that are escalated for review, while a dedicated team of TRIMEDX clinical engineering cyber specialists proactively searches for known vulnerabilities, monitors supplier response to known risks, and applies approved patches. In addition, recognizing the unique expertise required to manage the cyber risk of medical devices, all members of the TRIMEDX Cybersecurity Team receive approximately 200 hours of dedicated training through the TRIMEDX CYBER Academy. All data is tracked through the TRIMEDX proprietary work order system to keep clients continually apprised of the status of remediation.

A CONCRETE WAY FORWARD
By merging the TRIMEDX CAM Advanced and CYBER Advanced solutions with Medigate’s real-time visibility, utilization data and threat/vulnerability detection, hospitals gain:
• Advanced device details and real-time utilization insights: Utilization data, combined with national clinical asset benchmarks, provide objective data for more informed decisions around replacing, upgrading, dispositioning or reallocating medical devices, leading to savings in operational and capital expense.
• Industry-leading threat detection: Real-time monitoring of vulnerabilities, alerts, and recalls, as well as the detection of potential suspicious behavior, ensures hospitals have an accurate picture of the risks within their network and can take appropriate steps to address them.
• Effective remediation: Identifying and proactively addressing threats, via patching, and mitigating risks through more efficient remediation workflows and compensating controls (when no patch is available). The implementation of clinically vetted preventative and containment policies, via routers, firewalls and NACs, can be automated to speed defenses and reduce attack impacts.

To see a demo of how this closed-loop approach can help you efficiently address the connected-device security and management challenges you are facing, please contact us at or call us (855) 908-0775.

SPONSORED BY MEDIGATE






SUCCESS BRIEF

What Happened When Torrance Memorial was Tested by Urgent/11

COMPANY: Torrance Memorial Medical Center
LOCATION: California, United States
SIZE: 533 Beds
INDUSTRY: Healthcare

CHALLENGE


Urgent/11 is a unique group of vulnerabilities that allows attackers to circumvent NAT/security policies and take remote control of network devices via the TCP/IP stack. When the threat was announced, reputable healthcare sources believed that a significant percentage of medical devices would be impacted. The Urgent/11 threat was announced shortly after Medigate was implemented at Torrance Memorial. Torrance Memorial's IT security and biomed staff had a limited amount of time using the Medigate platform to guide their remediation efforts and little collaborative history dealing with the cross-device complexities presented by URGENT/11.

RESULTS
Torrance Memorial action plans were developed and prioritized based on potential risk to patients. Potentially impacted devices were immediately identified. Insights provided by Medigate included:
• 19% more connected medical devices were discovered and profiled than estimated;
• 26% more non-medical IoT devices were discovered and profiled than estimated;
• Consistent with Medigate's claims, device profiles included make, model, MAC and IP addresses, serial number, location, status and security posture. Notably, firmware-level details, including configuration specifics such as OS and application versions, were also provided;
• In addition to Urgent/11 questions, vulnerabilities across Torrance Memorial's entire connected inventory were identified and remediation recommendations were acted upon.

In summary, Torrance Memorial relied on Medigate data to expedite its inventory risk assessment relative to Urgent/11. While Urgent/11 proved to be a non-issue for Torrance Memorial, "the point is, we knew," said Todd Felker, Torrance Memorial's information security officer. "Without Medigate, my investigations would have been manual, taken weeks and left me with little confidence in the accuracy of my own findings." Added Federico Nuno, a Torrance Memorial biomed executive: "We were able to target our resources and remediation programming knowing exactly what to look for. In fact, we've since found that Medigate's ability to provide device location and maintenance state is saving us about 40 man-hours per week."


Torrance Memorial security and biomed leadership gained visibility into far more devices than it realized were connected to its networks. The profiling data provided by Medigate was successfully applied when the Urgent/11 threat became known. Significant time was saved as a result of what was quickly learned about Urgent/11, allowing Torrance Memorial to refocus its efforts on the remediation of other known vulnerabilities and maintenance programming.

About Torrance Memorial Medical Center

Torrance Memorial was the first hospital in the Los Angeles South Bay region, and is currently one of just three burn centers in Los Angeles County. In May 2017, Torrance Memorial formally affiliated with Cedars-Sinai Medical Center under the new parent organization, Cedars-Sinai Health System. Torrance Memorial is a Magnet designated facility recognized by the American Nurse Credentialing Center (ANCC) for quality patient care, nursing excellence and innovations in professional nursing practice.

About Medigate

Medigate is the industry's first and leading dedicated medical device security and asset management platform, enabling providers to deliver secure, connected care. Medigate fuses the knowledge and understanding of medical workflow and device identity and protocols with the reality of today's cybersecurity threats. With Medigate, hospital networks can safely operate all medical devices on their network, enabling deployment of existing and new devices to patients while ensuring privacy and safety.




Data Unites Biomed, IT & Security

More and more biomed and clinical engineering teams are being pulled into IT and security planning processes together. They are being asked to use their extensive clinical expertise to vet risks and recommend security measures that won’t break or disrupt operations and put patient care at risk. But this analysis is new for many teams, making it hard for anyone to confidently recommend the controls and rules that meet everyone’s needs. But Medigate can help.

MEDIGATE DELIVERS HEALTHCARE SPECIFIC SECURITY
Medigate marries clinical and cybersecurity expertise to provide biomed, IT and security teams alike with the information they need to safely protect the sensitive data and ongoing operations of their health systems. Medigate helps bridge the divide, giving organizations visibility into the medical and IoMT devices in their environment, the potential risks they pose, and actionable recommendations on how to mitigate those risks, empowering health systems to:

IMPROVE RISK MANAGEMENT
Medigate fingerprints all devices using sophisticated deep packet inspection (DPI) techniques to identify granular device attributes. These are then used to calculate a device’s risk score, which can be correlated with medical device standards and clinical parameters to inform risk assessments. The IT team knows exactly what is connected, where it’s located, and the security posture associated with each to inform risk management decisions and mitigation actions.

IMPLEMENT NETWORK-CENTRIC PROTECTION
Medigate seamlessly integrates with firewalls and/or NACs to automate the enforcement of rule-based, clinically vetted network security policies to contain or block malicious communications in real time without affecting the operation of the medical device under attack. Organizations also have the tools to implement micro segmentation best practices and support advanced, zero-trust security policies.

ENABLE CLINICAL DETECTION AND RESPONSE
Medigate has the contextual understanding of health systems to accurately detect credible threats, relieving biomed and security teams from extensive investigative work. Medigate meticulously analyzes device and network communications, as well as medical protocols, clinical workflow patterns, and threat intelligence, to accurately detect anomalous behavior and identify and respond to threats in real time. By understanding the acceptable behaviors designated by the manufacturer, Medigate can also detect and alert on device-to-device traffic and anything else that is out of scope and needs to be addressed.




The data captured, enriched, contextualized and orchestrated by Medigate quickly becomes a foundation for transforming asset management and clinical network cybersecurity. Medigate has redefined the meaning of visibility with processes that deliver a dynamic, moving picture of the entire connected landscape. Medigate makes various data flows relevant to cross-functional teams in ways that are directly relevant to their established workflows, as well as for complementary systems in the form of meaningful integrations.

The healthcare industry’s move to electronic healthcare records created significant new exposures that must be managed. The continuing pressure felt by IT administrators to make those records more easily accessed by consultants, vendors, other third parties and patients must be matched by cybersecurity investments, because the attack surface targeted by cyber criminals is expanding in ways that are making those records increasingly vulnerable.

Given the COVID-19 pandemic, healthcare quickly made shifts to its delivery model. In the last two months, the use of telehealth has increased from less than 10% to 80%. Medigate is already on top of the shift, as its data capture methodology, Deep Packet Inspection (DPI), identifies telehealth applications and determines whether transmitting devices are covered under client Mobile Device Management (MDM) systems. Deeper level analysis is underway, as Medigate’s DPI can be applied to unpack telehealth network traffic to inform appropriate management and risk mitigation measures. Again, the advantages of DPI, a deterministic approach, versus the limits of statistical models, are being plainly exposed.

Regardless, the operational impacts of most any successful attack cannot be cost-justified. The risk-reward ratio simply doesn’t work. Beyond the EHR and expanding risks courtesy of telehealth, the potential dangers to patient health are not tolerable. As evidenced by a growing, global consensus reflected by converging regulations, a health system’s ability to securely manage its connected landscape is now expected. It has become table stakes.




When Everything Converges, you need a single source of truth.

Bridging the gap between biomed, IT, and security isn't just a good idea - it's good business. See how Medigate's device visibility and security platform can help you work more effectively and improve outcomes together and separately.