
Healthcare Case Study


Integrating Claroty xDome for Healthcare & Cisco for Enhanced Medical Device Security at Mount Sinai Health System

About

The Mount Sinai Health System is an integrated health care system providing exceptional medical care to our local and global communities.

Encompassing the Icahn School of Medicine at Mount Sinai, the Mount Sinai Phillips School of Nursing, and seven hospital campuses in the New York metropolitan area, as well as a large, regional ambulatory footprint, Mount Sinai is internationally acclaimed for its excellence in research, patient care, and education across a range of specialties.

Like many healthcare delivery organizations (HDOs), Mount Sinai Health System, an internationally acclaimed integrated healthcare system in New York City, faced significant challenges in securing its vast network of medical devices, IoT devices, and connected systems. Dr. Tom Mustac, Senior Director for Cybersecurity at Mount Sinai Health System, was frustrated that his existing toolset could not provide visibility or accurately identify assets. Without an accurate count of the XIoT devices on his network, Dr. Mustac was blind to what devices were connected, which made it impossible to mitigate potential threats. Dr. Mustac shared valuable insights into Mount Sinai’s journey and highlighted the integration between Claroty and Cisco as a key solution.

“Our integration with [Claroty] and Cisco has allowed us to enforce stringent security policies across our network, preventing unauthorized access and ensuring the integrity of our critical clinical systems.”

Dr. Tom Mustac, Senior Director for Cybersecurity

Visibility Challenges

Previously, Mount Sinai operated with separate teams responsible for biomedical and IT operations. The lack of integration between these teams led to limited visibility and awareness of their devices’ nature and purpose.

This knowledge and visibility gap posed significant challenges, as they were unable to assess each device’s impact on patient care or its potential network vulnerabilities. Dr. Mustac compared this lack of visibility to running in a dark room filled with sharp objects, emphasizing the urgent need for improved device visibility and awareness. Additionally, the biomedical team was severely constrained by the availability of vendor patches, end-of-life operating systems, and devices that cannot be upgraded remotely, along with workforce constraints on constantly upgrading thousands of devices, a common industry theme.

Furthermore, Mount Sinai faced unique challenges beyond medical devices. Their diverse network environment encompassed a wide range of connected devices, including automobiles, gaming systems, and exercise equipment. Without proper context, identifying and managing these devices became a complex task. Dr. Mustac highlighted the importance of understanding the purpose and intended use of each device, as decisions regarding policies and restrictions require a comprehensive understanding of their functionality.

Visibility

To address these challenges, Mount Sinai implemented a comprehensive strategy that leverages the integration between Claroty and Cisco to achieve their goals of enhanced visibility, policy application, and segmentation. With Claroty's visibility, they gain insights into device behavior, communication patterns, and potential policy violations. Claroty's continuous monitoring and violation detection empowers Mount Sinai to actively monitor application dependencies and ownership, enhancing their ability to assess potential risks and implement proactive measures. Leveraging Claroty's visibility tools, they monitor traffic, identify ports and protocols, and gain insights into application installations on endpoints. This visibility allows Mount Sinai to be situationally aware and to apply policies to any new device procured or to segment the network from newly discovered unmanaged devices.

Enforcement

The policy creation process involves three key steps: understanding device functionalities, monitoring traffic, and identifying communication patterns. Claroty automates this process by recommending and enabling close monitoring and refinement of policies specifically designed for Mount Sinai’s needs and requirements. These policies ensure compliance with best practices, making it easy to review anomalies or non-compliant communication attempts, eliminating the tedious and error-prone manual task that hinders effective segmentation. Once approved, the policies are transferred to Cisco ISE (Identity Services Engine) for enforcement. This deliberate separation provides an additional layer of assurance as Claroty streamlines the meticulous and time-consuming process of policy approval for production use.

The robust policies created through the collaboration with Claroty provide an extra layer of security for Mount Sinai’s network infrastructure. They also allow the proven network security strategies and existing investments in Cisco ISE, commonly used to protect IT devices, to now protect IoMT and XIoT devices as well. Dr. Mustac emphasized the impact of these policies, saying, “Our integration with [Claroty] and Cisco has allowed us to enforce stringent security policies across our network, preventing unauthorized access and ensuring the integrity of our critical clinical systems.” Moreover, it allows Mount Sinai to continue an evolution towards a zero-trust philosophy, ensuring that only authorized communication occurs between devices and clinical systems. This approach prioritizes patient safety without impeding critical clinical communication necessary for effective care delivery.

Segmentation

Claroty and Cisco were used to segment IoMT devices with the creation of uniform VLANs dedicated for medical devices, in addition to mixed VLANs where applicable, allowing them to:

  • Place IT, OT, and IoMT on separate VLANs to eliminate communication across VLANs except where necessary (and reduce the exposure and propagation of risk)

  • Monitor policy compliance

Additionally, device-specific policy enforcement rules (dACLs) placed on over 1,000 IoMT devices across multiple device categories and vendor types leverage a mix of Claroty-recommended policies and organization-specific policies to accomplish micro-segmentation, further locking down certain device categories according to individual device and manufacturer-specific needs. For example:

  • Imaging and X-Ray devices (GE, Philips, Siemens)

  • Robotic Surgery Systems (Intuitive Surgical)

  • Medication Dispensing Systems (BD)

  • Clinical Laboratory Instrumentation & Analyzers (Roche)

  • Security Cameras (Pelco)

  • And many more

Conclusion

Dr. Mustac is delighted with the integration, stating that the Claroty and Cisco integration provides them with a holistic view of their network, enabling proactive identification and addressing of potential security risks, ultimately safeguarding patient data and ensuring uninterrupted healthcare delivery.

The integration between Claroty and Cisco plays a pivotal role in enhancing medical device security at Mount Sinai Health System. Through improved device visibility, robust policy enforcement, and a zero-trust approach, they are achieving significant reductions in security incidents, improving patient safety, and ensuring the integrity of critical clinical systems.
