“ As part of our critical infrastructure, healthcare is a top target of cybercriminals. It’ s essential that we take action to proactively improve our defences and that we stay steps ahead of bad actors with comprehensive security programmes to ensure uninterrupted, world-class patient care.”

PAHT provides a full range of general acute, outpatient and diagnostic services, with 420 acute beds and operations that span three hospitals and a central administration centre. The organisation employs over 4,000 staff and serves a local population of approximately 350,000 people; with 500,000 additional individuals residing in the boundaries of the wider community within its extended catchment area.

We asked Jeffrey Wood, Deputy Director of ICT at Princess Alexandra Hospital NHS Trust, further questions to find out more:

How has the implementation of Armis Centrix improved PAHT’ s ability to manage cyber-risks in real-time, and what specific benefits have you observed in patient care delivery?

Implementing Armis Centrix has significantly enhanced our ability to manage cyber-risk exposure in real-time. As our technology footprint within the Trust expands, so does our attack surface. Armis Centrix is an AI-powered cyberexposure management platform which proactively identifies and mitigates cyberasset risks, remediates vulnerabilities and secures our entire network.

Crucially, the system’ s ability to detect and alert us about anomalies in real-time means that we can swiftly isolate and protect vulnerable assets, from critical ECG machines to previously unknown connected devices like coffee machines and other assets, strengthening our overall cybersecurity posture.

This enhanced cybersecurity posture and realtime awareness of our environment allows us to confidently focus on delivering uninterrupted patient care. With this strong foundation we’ re able to prioritise ongoing innovation – with safety at the forefront – to ensure we continue providing modern solutions that meet evolving patient needs.

Can you elaborate on the challenges you faced in securing legacy technologies and connected assets that were communicating externally, and how Armis has helped address these issues?

Armis helped us realise the sheer scale of connected assets within our environment, including legacy medical equipment that can’ t be patched or replaced, but remain essential to patient care. For example, we cannot ask our emergency department to stop using vital machinery, such as blood pressure machines, simply because it’ s legacy technology. As we have implemented a new Electronic Health Record it is essential to have more of these devices connected and reduce the inefficiencies of manual transfer of data which has significantly increased our requirements for connected devices.

The key challenge is securing these assets without disrupting operations. AI-powered cyber exposure management and security is the solution. Armis provides the insights we need to identify, contextualise and manage risks in real-time. By segmenting critical legacy technology from the corporate network, we’ ve strengthened security while ensuring uninterrupted patient care.

As PAHT aims to become one of the most digitally advanced trusts in the UK by 2030, what role do you see cybersecurity playing in achieving this vision, and how does Armis fit into your long-term strategy?

Our goal to become one of the UK’ s most digitally advanced trusts by 2030 has driven us to adopt a range of new technologies and devices, for example, a virtual holographic receptionist and Amazon style lockers. At the same time, we’ ve also increased our use of connected medical devices and the Internet of Medical Things( IoMT). All of which has significantly expanded our attack surface.

Cybersecurity has therefore become essential to protect these assets and keep our hospitals secure while we continue to provide world-class patient care. That’ s why we partnered with Armis.

While working with Armis, we ran a proof of concept which opened our eyes to the scale of the issue and we realised the risk was far bigger than we initially thought. Prior to this, we didn’ t have full awareness of all the connected assets on site – innocuous things like vending machines were flying under the radar. As soon as we became aware of everything within our ecosystem, seeing, protecting and managing these assets became possible.

Ultimately, innovation is a double-edged sword. Without cybersecurity, innovation could negatively impact patient care. Through an effective balance we’ re able to execute our long-term vision for the betterment of our patients.

16 WWW. INTELLIGENTCISO. COM