Making Healthcare Device Asset Management Efficient with Security Tech


The following is a guest article by Wes Wright, Chief Healthcare Officer at Ordr

The number of connected devices in a healthcare facility has increased dramatically in the past few years. Everything from handheld tablets, to surgical tools, to MRI machines connect to a facility’s network. Each technological advance improves the ability to provide top-notch patient care, but also expands the attack surface. The recent news of medical facilities halting operations due to cyberattacks highlights just how important it is for healthcare cybersecurity professionals to properly discover, track, and manage all of the devices on a facility’s network, including medical devices.

At the same time, healthcare providers and hospitals are grappling with budget constraints and hiring freezes, while also being tasked with finding a way to cut expenses without impacting the quality of patient care. There is a real need to balance security, efficiency, and effectiveness.

Accurate, Real-Time Asset Inventory

In order for healthcare organizations to manage the risks associated with connected devices, they need to have an accurate understanding of what devices are in fact connecting to their network. A whole hospital approach – with a comprehensive and accurate inventory of all IT, medical devices, IoT (Internet of Things), and IoMT (Internet of Medical Things) is needed. Real-time visibility allows organizations to understand potential security risks and address issues before they become problems. It also gives them the ability to quickly react when there is an attack, helping to identify impacted devices, segment them off, and prevent attacks from spreading.

At the same time, real-time visibility makes healthcare organizations more efficient. In the past, asset inventory was a manual, time-consuming process that was very prone to human error, miscategorizations, and lax update schedules. The status of devices is constantly changing, with old devices being taken offline and new ones onboarded by different stakeholders throughout the organization. Reporting those changes was typically inconsistent, if it happened at all. All in all, accuracy was not guaranteed, leading to “lost” devices and equipment.

For that reason, automating the discovery and asset identification process is a must. The growing number of new devices being added each day makes it impossible to accomplish this without embracing automation. In addition, because medical facilities are operating 24/7, healthcare IT/Cyber professionals need to collect this inventory information passively, in a way that doesn’t interfere with device operation or the delivery of patient care.

Managing Risks and Vulnerabilities

When done correctly, real-time visibility can automatically provide invaluable insights into device types, models, modalities, serial numbers, software details, and operational activities. Insights into this specialized, specific information can help organizations identify connected devices with critical vulnerabilities. There may be devices in use that need the latest security patches or devices running outdated operating systems that can no longer be updated. This is all critical information when trying to understand and protect devices that are critical to both patient care and hospital operations.

Real-time visibility can also provide useful and accurate network and physical location information to locate devices for patching. When medical team members are scrambling to find a device that isn’t where it is supposed to be or incident response teams are trying to determine what device is being compromised, this technology can eliminate a costly game of hide-and-seek.

The Need to Optimize Device Utilization For Assets

In addition to securing devices, asset management and optimization is a growing problem for healthcare organizations. The continued need to invest in and implement new forms of connected devices is making it more and more challenging to stay efficient and control costs. Devices that are idle, underutilized, and unaccounted for are not factored into planning, acquisition, and lifecycle management processes. A lack of knowledge and real-time insight can lead to a healthcare organization over-spending on new devices or equipment when there were existing assets unaccounted for which could have been properly utilized instead.

For example, imagine a healthcare organization that believes that the current usage of EKG machines is at capacity. Equipment isn’t cheap and purchasing additional machines would be a huge expense. Now imagine this same organization was first able to examine its current EKG machine inventory to see how the machines were being used. With accurate usage information they could uncover that devices were being underutilized and that with better scheduling and usage controls they wouldn’t need to invest in new equipment after all. All because of the visibility into what they currently had on-site and how they were being used.

Usage and location aren’t the only benefits of real-time visibility. By knowing exactly how, when, and where a device or piece of equipment is used, healthcare organizations can have a clearer picture of when they should schedule preventative maintenance or patching, ensuring they do so at a time when the impact on patient care is limited. Some may even be able to use the information and patterns to extend the life of devices.

The good news is that the same technology and processes used to discover devices and equipment and identify potential risks or vulnerabilities can also be used to streamline and optimize asset management.

Perfecting Asset Management in Healthcare

Optimizing asset management for every connected device is imperative for healthcare institutions aiming to improve operational efficiency and cost-effectiveness. Leveraging the real-time utilization insights and advanced analytics that come from modern visibility and security tools allows healthcare providers to make informed decisions that positively impact patient care and resource allocation – while helping financial sustainability.

About Wes Wright

Wes is responsible for driving Ordr’s engagement in healthcare. Previously he was the CTO for Imprivata, and prior to that VP and CTO at Sutter Health, a 26-hospital network in Northern California. Prior to Sutter, Wes was CTO and then CIO at Seattle Childrens’, which, to this day, he says was his most gratifying work experience. Prior to his tenure at Children’s, Wes was Executive Director, IS at Scripps Health in San Diego, and prior to that, he served in various CIO and CTO capacities with the United States Air Force, retiring as a Major. Wes has a Masters in Business Administration from The University of New Mexico.


Leave a Reply

Your email address will not be published. Required fields are marked *