GE introduces Skeye to help providers identify and eliminate cybersecurity threats

GE Healthcare beefs up cybersecurity protection for providers with Skeye

February 25, 2020
by John R. Fischer, Senior Reporter
GE Healthcare is once again helping providers tackle cybersecurity threats — this time, with a new solution that leverages their existing resources and capabilities.

The healthcare tech giant has unveiled Skeye, a monitoring system that utilizes AI and process management tools to keep watch over a provider’s connected devices through a remote security operations center, and help them to detect, analyze and respond to threats and events in real time.

“Skeye augments the hospital's existing security program by focusing on connected clinical devices, eliminating challenges inherent in these devices, such as OEM patch validation; validated 3P SW such as A/V, malware; and research to determine what is permissible, or not permissible, regarding compensating controls for all devices, regardless of OEM,” Sher Baig, senior director of global cyber product commercialization at GE Healthcare, told HCB News.

Connecting devices, though essential, increases cybersecurity risks that can impact an organization’s productivity, finances, quality of care and reputation. In 2018 alone, 82 percent of hospital technology experts reported a “significant security incident,” with the average data breach costing $3.86 million.

Skeye uses AI-enabled tools and the security operations center (SOC) to analyze, monitor and help manage cybersecurity vulnerabilities. This includes producing lists of impacted devices immediately, monitoring OEMs for patch validation, applying work orders to apply patches, and keeping a record of devices that are remediated for future reference. It also provides an on-site expert that works as an extension of the SOC on site to help with remediation execution for clinical engineering teams.

Among its offerings is its 360˚ coverage, which begins with risk assessment and includes real-time networked device discovery. The SOC also offers recommended action plans, remediation advice and execution strategies that draw up collaborations among the provider’s clinical engineering, IT and security teams.

In addition to detecting threats, its AI features automate connected device inventory and equipment risk profiling throughout a hospital to create a dynamic management system for device onboarding and decommissioning. An SOC team provides monitoring, threat detection and remediation for connected devices under a GE Healthcare service contract.

Skeye is also a cost-savings tool that provides a full understanding of the networking and security parameters of connected clinical devices and continually updates data when new clinical devices are introduced onto a network or retired. Identifying these parameters otherwise costs as much as $250,000 to gather and record.

“Skeye uses a combination of people, process and technology to monitor, alert and remediate security vulnerabilities,” said Baig. “Individually, each of these components represents significant capital expenditure and increased labor costs. Skeye can deliver this as a service for a lower overall cost. Additionally, the Skeye offering is flexible and can grow or reduce depending on the customer's needs, as opposed to increasing or reducing personnel. Finally, as the Skeye technology suite grows, the customer benefits immediately instead of evaluating a new technology or upgrading technology already purchased.”

One practice to benefit from Skeye is T.J. Regional Health, an independent, multi-site provider in southern Kentucky that partnered with GE Healthcare to pilot the solution. The hospital has since formed a more proactive cybersecurity plan, created stronger connections between its departments, defined a cybersecurity policy and installed proper procedures and policies for device security management, according to its director of IT, Chad Friend.

“As a small hospital group, we don’t have a large IT team,” he said in a statement. “Accessing the global scale, tools and expertise of GE Healthcare gave us a partner to ensure we have a robust cybersecurity process in place and access to the latest information and action plans. After all, who knows how to protect the devices better than an equipment manufacturer?”

The solution is vendor-agnostic, offering protection to any networked medical device, regardless of age, OEM or operating system.

It is currently available for sale in the U.S.

GE Healthcare plans to extend it to providers outside of the U.S. later this year.