Safeguarding Medical Devices from Cyber Security Threats
Welcome, and thanks for joining today's webinar, hosted by Nuvolo and First Health Advisory. In this session today we're going to dive into OT cyber security. You know, it's a really important topic as we think about cyber protections for medical devices and health care, and it's certainly a topic that I'm talking about a lot these days as we think about really that threat and risk as it relates to vulnerabilities and threats in the wild. We'll talk more about that today. With me is Carter Groom; we'll do introductions here in just a minute.

Here's our agenda today, though. We're going to go through really around cyber security readiness, and Carter's going to talk about what his organization does to help healthcare organizations look at their cybersecurity processes, technology, and what they need to look at across their business to address those cybersecurity threats. I'm going to take us through really a little bit of background on Nuvolo and what our business is as it relates to software for healthcare. We'll talk about the cybersecurity business challenges: why is this a topic we want to dive into today, and what are the key things we're seeing in the market. And then I'll take you through an actual demonstration, show you how Nuvolo's OT cyber security solution works and ultimately gets clients to that next level of readiness when we think about cyber security protections.

So my name is Ben Pearson. I'm our vice president of global marketing at Nuvolo, been with Nuvolo for around five years now, since the company got started, and worked around the healthcare organizations and many, many providers and service providers in the healthcare industry over the last few years, and really excited to have this conversation today with you. Joining me today is Carter Groom, and Carter, I'll let you do a quick introduction, but Carter is the chief executive officer at First Health Advisory. Carter, thanks for joining today.

Yeah, thank
you so much, Ben, and thank you to everybody on this webinar for taking time out of your day to join. I wanted to give some context to our approach at First Health as we work closely with Nuvolo and its customers in a variety of technical and operational capacities. We're a services firm collaborating with HTM, biomed, clinical engineers, really to close a blind spot in your device inventory, we call it gaining visibility, and the security vulnerabilities associated with those assets. And as a part of that collaboration we bring a mix of specialists in security, networking, IT, program managers, all with HTM experience at the core. And although we work in the post-market arena, we pay really close attention to pre-market innovations, regulatory issues, and the policy environment to address and prepare for challenges that might impact your compliance, your reporting, even your processes.

And so we spend a lot of time helping organizations select, integrate, and operationalize what we call automated asset inventory technologies. Some of you may have heard of these: Ordr, Medigate, Zingbox, CyberMDX, Cylera, to name a few, and we refer to them as medical IoT or MIoT, you might have heard HIoT, visibility and vulnerability tools. And so when we mix all of this together, it provides an option to health delivery organizations who may not have the internal resources or skill sets to develop a risk management program around these devices.

And it goes without saying that the HTM world has been absolutely turned upside down this year, and you might be thinking, am I, or is our department, even ready for all of this? Should I just keep on doing what I'm doing? And with that in mind I've posed some rhetorical questions for consideration, and so we can jump to the next slide, Ben. I also want to add, in HTM you've always had accountability for this fleet of devices, yet the responsibility of mitigating cyber risks specific to these assets in many organizations has become a hot
potato. It's causing some turbulence, to say the least. And whether you report up through IT, or separately through supply chain, or even a different department, HTM has never really had the tools to address cyber-related risk beyond perhaps vendor-provided guidance or documents like the TIR57.

So, you know, these questions are just to kind of start thinking about, or themes that we discuss with our client base. You know, how are you positioning and preparing your organization for this new or newer responsibility and, you know, the visibility that comes with these technologies? What's your organization's current status on visibility and vulnerability tools? You know, if you have a platform like Ordr or Medigate, Cylera, are you engaged in understanding what data is available to you and your team? Or if you don't have a tool, it's a good bet you'll be getting one soon, and you'll certainly want to participate in that selection process or even the deployment of that technology.

And so to go a little bit further, how will that information that you start getting impact your daily work routines and those that work in your department? And what new challenges will this visibility and vulnerability information present? It's all, you know, a bunch of information, and you might just think this is just a lot of noise here. How do I even know what to take seriously, or what I can accept as a risk and just move on? And even more so, are those decisions aligned with your organization's kind of broader risk appetite?

We think about what opportunities these technologies present as well. There's certainly great opportunity in this information for a variety of reasons, but it's not going to be of value to you in HTM if it's not in the context of how you manage the department, how you address patient safety, and how you maintain operational uptime. And then, you know, kind of finally, do you even have the resources and the skills to address that cyber risk, and how do you bring together those technologies,
those processes, and those resources to create efficiencies and reduce risk?

And so with all of those things to consider, you know, trying to figure out what resources and processes need to be looked at, the technologies that, you know, are utilized, it can be overwhelming, to say the least. And so, you know, I think about how do you even begin to figure out this puzzle. And so I put together a little chart, Ben, if you want to go to the next slide.

And one way we try to think about this is to define integration on HTM terms. We hear a lot about integration, and it probably means something different to everybody in your organization, but when we think about integration in the context of medical device risk management, we consider technical aspects, you know, is the data being shared, as well as operational aspects: are your processes or governance aligned with IT, security, facilities, the clinicians? And so I've tried to illustrate three levels of maturity that might help with a little clarity on this topic and, at the highest level, get a sense for what's being done in other organizations that are, you know, trying to simplify this challenge in a way that doesn't overwhelm you with cyber speak.

There's really three levels here, and I guess technically there's a level zero, if you will, where if you have no automated way to monitor your inventory, maybe you're still getting that information the old-fashioned way, we call it sneaker net, where you're walking around and, you know, making sure those devices are in your CMMS system. You recall my earlier comments about getting a tool: if you're at level zero, you're lagging your peers, no matter what size organization you are.

Now at level one, these tools, the CMMS system and the MIoT visibility and vulnerability tools, are connected. You're getting information from your fleet, from the devices on the network, and perhaps you're getting some great information, but it's not flowing into your CMMS
system, your work platform and system of record. It's simply not interfaced.

Where level two, it's interfaced. You're starting to get some context on these devices, and so for example, when the security team says, hey, we've got a critical vulnerability in a rolling C-arm and you need to address it, you'll at least have the confidence to know that you're looking at the same device in your system as they are in their system of record. And in many cases you'll still need to get remediation or mitigation information, and most likely consultation, from the security team, but it's not truly integrated, which is what we're striving for here in level three.

That's where information and the operations become one. You know, your workflows are standardized, and when appropriate, tasks can be automated, and you can make essential with less effort and more intelligence than ever before. And so with that I'm going to turn it over to Ben from Nuvolo and have him share how organizations are getting to this level three integration.

Thank you so much, Carter, thank you for that. And by the way, you know, it's really interesting when I'm talking to hospitals and providers around the country. You know, they're at every level of this maturity curve, right, to even your point, level zero, where they haven't selected an endpoint MIoT, you know, monitoring system like an Ordr, like a Medigate, etc., yet, all the way up where organizations are saying, well, I can just hook my Ordr directly into my CMMS myself, and we've seen that kind of the challenges organizations are faced in doing that.

So I want to talk a little bit about exactly what we're doing at the level three, true mature integrated model with Nuvolo in tying together your OT cyber security systems to your CMMS with an actual true orchestration, automation, really, model that allows that not just now but ongoing cyber security protections and automation for your business. So Carter, this is great. You guys, if you have questions while we're
going, by the way, feel free to use the chat option. Glad to field any questions; Carter and I will be fielding those here at the end, but feel free to use that as well.

A little bit about Nuvolo. Nuvolo, we've been in business now, and our focus has always been around healthcare. You know, we are the leading CMMS, connected hospitals we call it, software company. That's what we do, and so organizations across the country are using us for their CMMS product today. Naturally we extended into the OT cyber security capability as well, to drive that orchestration. For us, we have that source of truth, your asset inventory, your medical device inventory, already. Why not protect it? Why not drive automation and create work orders when there's issues or when there needs to be action taken?

We have over a thousand healthcare customers using Nuvolo, whether that be our direct providers; that also is our healthcare service providers that use our solution as well for their customers. We're designed for both the HTM groups and your facilities departments in healthcare. We're purpose built: we can handle your Joint Commission audits, your DNV audits, your environment of care rounding. All that capability is pre-built into our solution and ties into a lot of these key capabilities like ECRI and other RTLS systems in your hospitals. So really purpose-built, and really excited to share and show you some of that capability today. We also have key industry experts within our staff. We have folks that joined us from SSM Health, Intermountain Health, and others that are bringing that industry expertise and continue to drive that focus in the healthcare business.

What solutions do we provide? I mentioned that we have a CMMS system, obviously. We call that maintenance. That includes everything from asset management to work orders, managing your PMs, all of that capability pre-built in and designed for health care. But what we're going to dive into today is specifically our OT cyber security
capability that truly brings you up to that level three functionality that you need for your business, when you truly want that ongoing response and automation when there's an issue, when there's a vulnerability, when there's an action that needs to be taken. But we do cover the rest of your other departments; for example, your facilities teams are also a part of our solution set as well.

But why are clients talking to Carter and myself about OT cyber security? And you guys, you know, I've been around since WannaCry was out in 2017. I was talking to a big national health system last year on BlueKeep, and to that point, we were seeing the challenges when those things came out. When there was a ransomware attack on connected medical devices back in 2017 with WannaCry, organizations had to scramble. They had to get people to go figure out what to do. They had to redirect patients in some cases to other hospitals if devices were down. It was a major impact. We saw the same thing last year with BlueKeep: organizations had to figure out what devices were potentially vulnerable to that out-of-date operating system, and how do we take action.

In the end, these four things are the, you know, I think about a top priority for healthcare organizations, right? How do we make sure the environment is safe, right, how do we look at that environment of care? How do we make sure we protect our brand? The last thing the hospital wants to be is in the news for an attack like WannaCry, as we saw back in 2017. And also patient outcomes: we want to make sure that in the end it's about the patients, and it's about making sure those devices we're putting the patients on are safe for patient use. And then availability and performance: you all may only have a couple imaging devices or CTs or MRs in your environment that you can put patients on. If those things are down, that's a major impact related to revenue as well to your business for those elective type procedures.

When I look at the real
challenge, and Carter covered quite a bit of this, and your organization does a lot on this, Carter, it's not just technology. We're obviously a technology company, but it's about the people, process, and technology, and we're seeing HTM organizations even look to transform how they run this new functional part of their business. Carter mentioned that: where do we staff, who's ultimately responsible for medical device cyber security? In some cases HTM departments are adding a net new headcount to go be that person that is a cyber security expert within their department. Other organizations are bringing that within their IT departments as it relates to their cyber practices there as well. So we're seeing a couple different options related to that.

When we think about what kind of has driven this challenge, certainly the fact that more and more medical devices are getting connected to the network plays a role, but also through hospital acquisitions. We've been seeing this for about the last 10 years, is hospitals buying other hospitals. Well, because of that, a lot of times there's technology sprawl. We don't have a single source of inventory data. I was down talking to a hospital in Texas here a couple years ago, and I said, do you even know what devices you have, and of those, which ones are connected to your network? They didn't know, and that was really a foundational item we talked about: how do we get to a single source of truth, how do we have a single inventory data source that now we can actually look to protect? And that's one of the things we think about, that CMMS modernization that a lot of organizations are looking at as that first step in the journey to getting to a trusted inventory, a trusted source of data, that now we can actually add the IP address, MAC address, and critical information to protect that data, right?

We think about the, you know, the process that organizations are doing when it comes to onboarding brand new medical devices. How are we at
procuring those devices? Are doctors just walking in with new devices that they're getting to try? Are they actually going through a proper onboarding and security checks as part of their onboarding procedures? And are we gathering the key data points that we need as part of that onboarding process, right? Are we actually getting the software version, firmware version, MAC and IP address, and data that's relevant related to that asset inventory?

Third, are we following standard naming conventions? There's industry standard naming conventions that Nuvolo already provides, things like aligning to ECRI's UMDNS unique medical device naming standard, looking at the FDA's unique device identifier data standard that came out a few years ago. Those are options; we provide those as part of the core platform that you can align your data against.

And lastly is looking at where your maintenance is happening. It's not just maintenance for your HTM department; it's also work order management, asset management, maintenance for your facilities and other groups in the business as well, like pharmacy, nutrition services, linens, etc. So these are the big kind of four buckets we think about, that people, process, and technology areas that we need to look at as we're looking to address OT cyber security.

So, and Carter kind of talked about those different levels, those level ones through level three, and we think about each of those levels. Now, in most organizations, you know, that haven't brought in one of those, for example, Ordr, Medigate toolings, in a lot of cases they have security systems running, right? IT has various security tools. Well, they're scanning the network, they're looking for, you know, issues, and this is a lot of cases that I see when we first start this process. So we've got an event. Something happens: we found a new device that didn't exist before, we have a security vulnerability, we have an active exploit, data's leaving our network that shouldn't be. But security gets this alert and
notification, but they don't know really enough detail about that device. You know, it doesn't know, is it a medical device? Where is it physically located, what building it's in? What department, is it surgery, is it, you know, ER? What department owns it? Who do I contact, and how do we remediate the problem? In a lot of cases it requires phone calls, emails, and someone physically going out and finding this device. Your HTM and your facilities departments are running business as usual, right? They're doing their PMs, they're doing their rounds, they're doing their regular procedures, but they don't realize there's a medical device that's potentially impacted that's connected to the network. That's a lot of cases what we're seeing today.

With Nuvolo, we also have a pre-built integration and certification ongoing as part of our ongoing technical relationship and partnership with all of the endpoint security products on the market. So what's great about this is organizations that have already made an investment in Ordr, Zingbox with Palo Alto Networks, Medigate, CyberMDX, Cynerio, Asimily, we keep adding more and more every month to this list. What organizations get is they don't have to custom build an integration to their CMMS system. With Nuvolo it's all pre-built, so we already mapped every field within these systems: for MAC address, host name, all the key data points already mapped.

What's great about this is now we can automate with playbooks when something occurs. So think of these as your event systems, and I'll talk more about this in a second. As Ordr has an event, Nuvolo, we pre-built a playbook for discovery events. For example, it's a brand new medical device that didn't previously exist in your inventory that Ordr found. What do we do? Well, let's get this actually creating a work order automatically to your clinical engineering HTM team and have them actually go and properly make sure this device is onboarded before it's ready for patient use. Those are playbooks that are already
pre-built in that you get as part of that solution. We also have data feeds. If you are at a level one or at a level zero and don't have one of these solutions, we also have pre-built in the data feeds from MITRE and NIST, so that basically you have a pre-built set of vulnerability data as a starting point if you're early in this process. So we have levels that we can all provide to you depending on where you're at on your maturity curve.

When you look at what the future state can hold at that level three, this is what we're talking about specifically. So we have our endpoint monitoring and security solutions that you're looking at, or hopefully already working on getting in your environment. Now you've added our Nuvolo OT cyber security solution to the Nuvolo CMMS system, and think about it, right: we have all the actions that are coming in, we have discovery events, alerts of information that now we can correlate against your trusted inventory. What's the device, right? Is it an imaging device, is it a pump? What is the issue, who needs to take action, and how do we take the action? Security can actually see the same issue within their system as your HTM team, and in the end we have one place to go to look at that data.

We can also pass information back to these systems, so Ordr now knows this is the owning department, this is exactly where this physical device is actually located within your facility. So really powerful in being able to not just pass and automate and orchestrate that automated work, but also share information back with these endpoint protection systems. Really powerful. Again, that's where we can truly automate, orchestrate, not just now but in the future, as we add and continue to grow that portfolio of orchestration toolkits for you. From a workflow perspective, you guys can take advantage of those as part of the offering.

I'd like to dive into a demonstration now and show you exactly what I mean by this. I think it's really important to see really how this
actually operates and works for your business. Feel free to use the chat feature again, it's in there. If you have questions on that, I'm glad to field those. We will have a formal Q&A here after the brief demonstration.

All right, so let's actually dive in and look at what we can actually see. If I'm in the HTM department and I actually have a cyber security person watching for vulnerabilities, watching for discovery events, what do we do? So let's talk a little about this OT cyber security module that we provide as part of our overall solution set.

So one of the things I mentioned is the fact that we have key data sources and field mappings. We can actually data source and data map all of your key products. So with Ordr, I already have all of your mappings. I actually have every field mapping for Ordr, so I know IP addresses, MAC addresses, all of that data. You don't have to figure that out or custom build an integration; we've seen clients do that. You turn on Nuvolo, it's already functional, already working, already able to update all of your asset inventory data as Ordr finds information out on those connected medical devices.

As that data comes in, we're actually able to process that. We bring in discovery information, we bring in security information from those systems, and process it with workflows and identification systems. So we have matching rules that allow us to take information that says we found a match. Ordr has information of a brand new device, we didn't find a match: we actually need to create and stage a device that somebody needs to go out and actually properly onboard. I'll show you that in a second. And what do we do if we actually have an issue? How do we alert and notify and send out information when there is an actual problem?

So let's actually go in, let's actually look at that home page for a second and walk you through some specific examples. So I'll open my dashboard here and look at my security events that are going on. So let's
actually start with my discovery first, because this one's, you know, obviously important. A new medical device shows up on your network that you didn't have in your inventory. Guess what, I want to know about that, right? And I want to actually make sure that that device is in my inventory accurately and has gone through all the proper electrical safety checks and everything that it needs to do before we actually put a patient on that device.

So here I can see all the devices that have been coming into my network. I can click in and see the data. So here's devices that are pending verification. They have not been properly onboarded yet, but they are ready to go. So let me just grab one of these medical devices and take a quick peek at it. What happens here is this device, which is in my CMMS inventory now because this is fully tied in, I can see that we know a little bit of data. We know where it's physically located. It's a ventilator. We know a little bit of details around the manufacturer and the model, right? We can actually see any other technical information that came in. This came in from Medigate specifically; you can see the data source where it came from. So now we have enough information.

You'll also notice, if we look at the service history on this device, Nuvolo, with our playbook for discovery events, automatically created a work order to actually properly verify and kick off a ticket to the HTM department to go look at this. So that was all automated. That automated response and orchestration was pre-built in as part of our solution. That's just one example of many other playbooks that we have pre-built in for vulnerabilities and issues on your network.

So great, we actually can see this work order. The technician actually needs to go out and bring up the work order. We can take a look at it for a second. What's great about this is now someone actually is going and taking a look. There's all the data that came over from Medigate in this example that they can
look at, and they can go through the process of bringing this in.

Looks like there's a question, couple coming in. Let me take a look. First question I'll cover at the very end. Looks like there's a question around discovery tools that we recommend. You guys, we integrate with almost every single one of the medical device cyber security products in the market. We keep adding more. Certainly if you have one that wasn't on the previous list, we can add that as well. Yes, another question is, do you also integrate with Tenable Nessus? We can, we support that one as well. Christian, yeah, good question.

Great, so anyway, that's one example. So that's a discovery event. Obviously that discovery event playbook is pre-built: found a new device not in my inventory, automate the work and the action to go get it properly onboarded, and now in my inventory, accurately tagged, and properly onboarded into the business. So that's one example.

The next is around vulnerability management. So again, if Ordr finds a vulnerability on the network, that vulnerability could be, I mentioned WannaCry that was out there, BlueKeep, and then the others that keep coming out, this continues to be tracked and monitored and managed. Now I can actually see, let's see what open device vulnerabilities are out here. Here, I got a fourteen Alaris pump sitting here. I see this one came in from Ordr, was not critical, but we can see its detail that came over. So this one has a vulnerability, is actually a recall on this device, so that's what's going on. It's an FDA recall; here's the FDA recall number. So we got great data, and again, HTM now has all this data at their fingertips in real time, right? So now we can see the work order that was auto kicked off for this remediation, for this particular issue. Auto kicked off, now they can actually work on this.

What's great about these things is we can also look at other aspects. So let's look at security events, not just vulnerabilities. So
if there is an active exploit that's going on, let's take a peek at one of those. Six critical active exploits; one came in from Medigate. Let's take a look at this one. So seven devices. One of the neat things about these exploits isn't just that I can see the exploit, because the key for me, and Carter, you mentioned this earlier, it's about getting the noise out of your system, right? I want to know what do I actually need to take action on. And in the HTM department you only have so many resources to do things. I want to prioritize where we're spending our time and energy, especially around vulnerabilities and events.

What's great about this is here's an active exploit that's going on. So there's seven devices, four different models that are affected. We can go through the details of this specifically, but you'll see, you can read through that. But now we auto matched. You know, you saw that we have that auto matching rule functionality. I auto matched this. There's three affected devices that I auto matched against this, and I auto kicked off three work orders to my three clinical engineers. They need to actually go take a look at this. We also kick the ticket over to IT to make sure they're aware of this, so now security and IT can see this ticket. We can see the vulnerability and all affected assets.

So when BlueKeep came out, for example, we can actually see all the assets that were running that out-of-date operating system and automatically create a work order or a project work order to go touch those devices and either patch them, if the OEM has a patch for it, or get them somehow protected through whitelisting or firewalls, depending on what that remediation need is available. So really powerful. Again, pre-built workflows. You don't have to develop these; Nuvolo, we've built these for you. And pre-built integrations to those partners, those technology partners I mentioned. That's something we maintain. That's a technology
partnership we have with all of those vendors, so that we keep that up to date. As they upgrade, as Ordr upgrades, as Medigate upgrades, we continue to certify that for them, and also our product, as it upgrades, stays certified with those products. Those playbooks continue to be added, so that all that automation, response, you get that, you don't have to build that on your own.

So, you know, in the end that's what we're talking about. We think about helping you drive automation, orchestration, response for your medical devices that are connected to your networks. Again, as you've made those investments or are looking to make those investments in those endpoint protections, drive that automation as well.

I know we're at the bottom of the hour. I want to stay true to about 30 minutes. Like someone's hand was raised. If you have questions, feel free to drop those in. I am going to go and bring up the Q&A at this point. I'd love to open it up for questions and answers and see what other questions I can answer for the folks on the call, or Carter can answer as well. Good questions so far that have come in, though, appreciate those. If someone had their hand raised, feel free to use the chat feature if you do have a question.

Okay, it's a quiet group. Okay, Carter, I'm gonna give everyone about two more minutes. Looks like, here we go, got a question dropping in. See, we got, great. Yeah, one quick follow-up. The question is, is the webinar gonna be recorded? We absolutely will record it. We'll share this with you afterwards, and this will be provided to you. We'll also have this out on our YouTube and nuvolo.com site as well, so you'll be able to watch this after the fact.

The question, Robert, good question: how much of this is ServiceNow versus Nuvolo built? Everything that you saw in that demonstration was actually Nuvolo built. We actually built, under the hood it is still using ServiceNow's engine and infrastructure, but all of the development and all the capabilities
you saw around our cmms and all of our ot cyber security is all developed by us reporting and analytics still does use servicenow's reporting analytics engine as well hopefully that answered your question if there's anything specific you want me to touch on robert i can't great next question is can i plug in multiple discovery solutions in a nuvolo's ot cyber security solution uh that's a great question we absolutely can so if you have more than one data feed so if you're running cisco ise and you're running ordr if you're running multiple tools and you actually want to take advantage of multiple data points for discovery or vulnerability or threats absolutely we can support not just a single data feed but actually multiple as well yeah great question great question keep them coming if there's any others great all right we'll give everybody one more minute for any final questions otherwise we'll wrap up and you guys you have our contact information right here on the screen if you would like to have a follow-up deep dive further reach out to myself or carter i'm glad to provide any other uh questions and answers for you appreciate it robert thank you for that feedback i'm glad that glad to oh good question good question dustin's your question was we will soon have a cmms rtls and ordr can these all talk absolutely so depending on what um so hopefully your cmms is nuvolo um and then your rtls depending on which one you're using we do integrate with rtls systems and can visualize where devices are visually on a floor plan that ties into our space as i mentioned kind of earlier in the demonstration there so we can actually show you where that device is and we can tie in with your rtls system actually pinpoint where it currently is at so if you're using like a stanley aeroscout or a centrak or impinj or one of the other rtls systems we certainly can look to tie into that and then ordr we have a pre-built integration so you get the value of being able to tie
right into ordr with those workflows that i just talked about device discovery vulnerabilities events and alerts absolutely hopefully that answered your question dustin another question came in uh oh sorry another question uh was around when will utilization numbers be incorporated with your the cyber numbers is this going to excuse me is this going to come up with time yeah i mean utilization metrics can actually so one of the things we track around assets isn't just uptime downtime we can also bring in utilization measures as well and that's something we store against an asset as part of our pm scheduling we can't we can do calendar-based scheduling floating schedules but also utilization-based schedules so one of the things that um either you're looking at if you're looking at uptime downtime that's something we could tie in related to that we also can utilize that data as it relates to doing pm scheduling right maybe you want one maybe you want to look to schedule in addition to your schedule joint commission schedule or aem schedule but maybe you also want to look at util utilization measures or when's the device being used the least to be able to schedule that time to have an htm tech engineer go out and actually do the work uh dustin hopefully that answered your question if not feel free to answer ask a follow-up there great barbara a good question let's see what you got what attributes do you use to match assets found in discovery to those existing in the cmms so barbara we use a number of measures we look at the mac address we look at the the device name itself we look at serial number um we look at ip address there's about five other measures we're looking at uh so and then there's a priority order so we find a mac address where our confidence level is pretty accurate that that's the real device uh and that's the matching algorithm we use um but mac address uh hostname uh serial number those type of data points are what we're primarily looking at ip
address as well i did that to answer your question barbara if not uh follow up on that one cool good questions okay give everybody one more minute otherwise a little uh this is great great feedback you guys hopefully this was valuable hopefully again we sparked some thought and interest in exactly what some of the challenges you might be faced with my wife's a clinical engineer herself so i hear from her uh around some of the challenges that she faced within her hospital so uh you guys it's uh it's it's important and this is like i said that's why we want to put this session on for y'all today and um like i mentioned feel free reach out to myself carter glad to follow ups with any one of you if you'd like to learn more and hear more about uh what we're doing in this in this particular space okay don't see any other more questions coming in carter one i want to thank you for your time as well thank you for uh joining us today on this webinar i appreciate your participation and sharing what you're seeing as well yeah thank you ben and to everybody who joined just a comment there was a previous question on recommendations for these automated discovery tools and although we're partisan we've helped many organizations through that selection process some of these tools are are better fits for certain organizations and so if there are any uh you know more detailed questions you have we're certainly here to help thank you guys so much great thanks carter excellent appreciate everyone have a great rest of your day take care bye bye
https://www.youtube.com/watch?v=Ch__yrbHU6w