As connected devices proliferate, GE Healthcare is banking that hospitals, health systems and other providers will seek the company’s help in shoring up their defenses against cyber threats.
The company on Thursday unveiled a cybersecurity product that scans for cyber risks and recommends responses using a mix of artificial intelligence and human expertise. Called Skeye, the product accounts for healthcare’s increasingly digital environment, Matthew Silva, chief information security officer at GE Healthcare, said in a phone interview.
“There has been a very significant change over the last 10 years,” Silva said.
Healthcare remains one of the top targets for hackers and other cybercriminals.
In a report published this week, security vendor CyberMDX estimated data breaches cost the U.S. healthcare system $4 billion in 2019. In addition, the company reported, the average hospital has about 19,300 connected devices but often fails to patch them after a vulnerability is discovered. Four months after a discovery, more than 40% of a hospital’s devices remain unpatched, according to CyberMDX.
Aside from GE Healthcare, other security firms abound: Texas-based CynergisTek, California-based MedCrypt and New York-based Medigate to name a few.
Security professionals, however, can be hard to find. A 2019 report by cybersecurity nonprofit (ISC)2 estimated the gap between current staffing levels in the U.S. and the staffing levels needed to keep organizations safe is about 500,000 people. The shortage may be especially acute when it comes to medical devices as they usually operate on different networks than traditional IT components, Silva said.
“There is a very short supply of clinical IT security folk that understand medical devices and understand security,” he said. “Many customers have struggled to create that bridge between enterprise IT and clinical IT.”
Skeye puts AI to work scanning clinical IT networks to keep track of the devices connecting to them and identify potential weak spots, Silva said. The findings are relayed to a team at a remote operations center, currently in Wisconsin, where experts sift through the data and evaluate potential responses. As more customers sign on, GE Healthcare eventually plans to add centers around the globe, Silva said.
What customers will pay for the tool varies based on their needs, the size of a network and the number of devices connected to it, Silva said. Skeye may be particularly useful for small and midsized health systems that may lack in-house resources. One early customer is T.J. Regional Health, based in Glasgow, Kentucky, south of Louisville.
“As a small hospital group, we don’t have a large IT team,” Chad Friend T.J. Regional’s IT director, said in a statement. “Accessing the global scale, tools and expertise of GE Healthcare gave us a partner to ensure we have a robust cybersecurity process in place and access to the latest information and action plans.”
Photo: ValeryBrozhinsky, Getty Images
