Challenge
Urgent/11 is a unique group of vulnerabilities that allows attackers to circumvent NAT/security policies and take remote control of network devices via the TCP/IP stack. When the threat was announced, reputable healthcare sources believed that a significant percentage of medical devices would be impacted. The Urgent/11 threat was announced shortly after Claroty was implemented at Torrance Memorial. Torrance Memorial’s IT security and biomed staff had a limited amount of time using the Claroty platform to guide their remediation efforts and little collaborative history dealing with the cross-device complexities presented by Urgent/11.
Results
Torrance Memorial action plans were developed and prioritized based on potential risk to patients. Potentially impacted devices were immediately identified. Insights provided by Claroty included:
19% more connected medical devices were discovered and profiled than estimated
26% more non-medical IoT devices were discovered and profiled than estimated.
Consistent with Claroty's claims, device profiles included make, model, MAC and IP addresses, serial number, location, status and security posture. Notably, firmware-level-details, including configuration-specifics such as OS and application versions were also provided • In addition to Urgent/11 questions, vulnerabilities across Torrance Memorial’s entire connected inventory were identified and remediation recommendations were acted upon.
In addition to Urgent/11 questions, vulnerabilities across Torrance Memorial’s entire connected inventory were identified and remediation recommendations were acted upon.
In summary, Torrance Memorial relied on Claroty data to expedite its inventory risk assessment relative to Urgent/11. While Urgent/11 proved to be a non-issue for Torrance Memorial, “the point is, we knew,” said Todd Felker, Torrance Memorial’s information security officer:
“Without [Claroty], my investigations would have been manual, taken weeks and left me with little confidence in the accuracy of my own findings.”
Todd Felker, Information Security Officer
Takeaway
Torrance Memorial security and biomed leadership gained visibility into far more devices than it realized were connected to its network. The profiling data provided by Claroty was successfully applied when the Urgent/11 threat became known. Significant time was saved as a result of what was quickly learned about Urgent/11, allowing Torrance Memorial to refocus its efforts on the remediation of other known vulnerabilities and maintenance programming.
“We were able to target our resources and remediation programming knowing exactly what to look for. In fact, we’ve since found that Claroty's ability to provide device location and maintenance state is saving us about 40-man hours per week.”
Federico Nuno, Biomed Executive
