If you’re a security or IT leader for a large medical facility or hospital network, you know how hard it is to see the thousands of medical devices and more in your environment. This poor visibility is caused by two inherent limitations of traditional asset inventory and endpoint security products.
The Device and Network Security Approach
First, these products were made for a world of conventional computers, laptops, and servers, not for sophisticated connected medical devices. These devices can’t host agents, which leaves them invisible to traditional agent-based asset inventory and endpoint security products. Second, manufacturers often require medical devices to be deployed on network segments that keep them isolated from other devices in the environment. Segmented networks are a solid approach to securing specific devices. However, sometimes this creates a blind spot for IT and security professionals.
One example is GE Healthcare’s CARESCAPE Network. The CARESCAPE Network is designed to deliver real-time, reliable communication of critical patient data from GE patient monitors and telemetry systems to the medical staff right when it is needed. GE creates and manages two VLANs in this deployment model: one for mission-critical data (MC) and one for non-real-time data (IX). These VLANs are separated from the hospital network by a dedicated gateway, which helps protect devices and data from crossing the same path as ordinary connected devices. And while GE Healthcare offers multiple validated options to identify and track devices on the network, IT and security teams do not always have their own ways of identifying, tracking, and securing the medical devices that reside within these VLANs.
Armis Sees Devices on the CARESCAPE Network
As a leader in medical device security, Armis is purpose-built for devices and deployments like this. With the Armis platform, you can see devices and traffic on the CARESCAPE network, providing you with the visibility, security, and control your IT and security teams need, while still supporting segmented networks and all the benefits they bring.
Armis agentlessly and passively monitors device traffic, including data passed from the CARESCAPE VLAN through the dedicated gateway and on to the hospital intranet. There is nothing to install on the devices, and no scans to disrupt them or tip them over. Armis’ ability to passively monitor wired and wireless traffic on your network allows us to discover the GE medical devices in your environment, including those that use the proprietary RWHAT protocol and other similar protocols. Armis can identify device information like type, manufacturer, model, FDA classification, MDS2 details, and more.
Armis connects to the GE CARESCAPE network to identify devices
Beyond just identifying a device, Armis tracks medical device status and behavior, helping you maintain an accurate, comprehensive inventory of medical and hospital assets. And, if you already have an IT asset management platform or CMMS/CMDB, Armis can integrate with it to keep records up-to-date with the latest and most complete information available.
Armis can also track the location of equipment as it moves throughout your facility, so you know where clinical staff may have moved mobile equipment like crash carts, dialysis machines, and infusion pumps. Armis can also help you determine how many of a particular type of device you have available and whether or not equipment is off-site or at another facility within your network.
Our platform’s visibility into GE Healthcare’s CARESCAPE Network is just one of the many tools we use to help hospitals and all healthcare delivery organizations secure their medical devices and ensure the continuous delivery of patient safety.
Learn more about what Armis can do for your healthcare environment at armis.com/healthcare.