Henry Ford Health Leverages Asimily to Safeguard Patient Care

Henry Ford Health, a non-profit health system serving Southeast Michigan since 1915, has taken significant steps to address the growing cybersecurity risks associated with the Internet of Medical Things (IoMT). In a recent webinar, Ali Youssef, Director of Medical Device and Emerging Technology Security at Henry Ford Health, shared insights on how the organization is tackling these challenges effectively.

Watch the webinar on-demand 

The Rising Threat Landscape

Healthcare organizations face an unprecedented level of cybersecurity risk. In 2023, there was a record high jump in ransomware attacks across industries, with healthcare being particularly vulnerable. The average cost per incident in healthcare is estimated at $10.9 million, highlighting the critical need for robust security measures. What’s more – many cybersecurity tools do not meet the security needs unique to healthcare organizations, Youssef highlighted.

“Do not lean exclusively on existing IT centric tools because they do not meet the needs of medical devices and IoT devices from an inventory, scanning, or patching standpoint.”

Building a Comprehensive IoMT Security Program

Youssef emphasized several key aspects of Henry Ford Health’s approach to IoMT security:

1. Program Structure and Alignment
   The first step was crafting a framework for the program, aligning with relevant regulations and standards such as the NIST Cybersecurity Framework and HIPAA. This provided a foundation for gap analysis and tool selection. By approaching the initial program methodically, Youssef’s team was able to determine the type of technology they’d need to leverage to meet their needs.  
2. Stakeholder Communication
   The program became a clear priority when Youssef reinforced “cyber safety is patient safety” to clinicians and leadership. By tying security to the core mission of patient care and clinical outcomes, Youssef was able to garner support for the program.
3. Automation and Efficiency
   To manage the vast number of IoT and medical devices with limited resources, Henry Ford Health turned to Asimily. Youssef noted “You need to have an accurate inventory of what’s on your network. That’s step number one.” From there, Youssef’s team leveraged Asimily to uncover key vulnerabilities and begin mitigating risk.
4. Governance and Collaboration
   With teams aligned behind the mission and the right technology in place, Henry Ford Health established a steering committee that meets quarterly and an operational work group that convenes every other week. These groups bring together key stakeholders to discuss high-risk vulnerabilities and develop mitigation plans.
5. Lifecycle Management
   Building the future with security in mind, the organization continues to  focus on managing risk across the entire lifecycle of devices, from procurement to decommissioning. This includes using Asimily Proactive for device hardening and conducting thorough validation during deployment. While prevention is important, also plan for rapid recovery in case of an incident. Youssef noted, “Keep resilience in the back of your mind with these types of programs. Consider if there is a failure or an issue, how can your organization continue to provide care? “

By implementing these strategies and partnering with Asimily, Henry Ford Health has significantly enhanced its ability to protect patient data, ensure the integrity of medical devices, and maintain continuity of care in the face of evolving cyber threats.

As healthcare continues to embrace digital transformation, the lessons from Henry Ford Health serve as a valuable blueprint for organizations seeking to build robust IoMT security programs that safeguard both patient safety and operational resilience.

Read the case study to learn how Henry Ford Health improves IoMT security with Asimily.