Baptist Health

Baptist Health

Baptist Health’s Case Study Background

Baptist Health is a full-spectrum health system made up of nine hospitals, 23,000 employees (in addition to more than 2,000 independent physicians), more than 400 points of care, and nearly 2,500 licensed beds. The organization’s employed provider network, Baptist Health Medical Group, has close to 1,500 providers. This includes more than 750 physicians and over 740 advanced practice clinicians.

Baptist Health is working to strengthen its cybersecurity posture and Zero Trust platform by adding more layers of defense and equipping itself with the relevant tools to protect against the next generation of attacks.

Challenges in Baptist Health

Baptist Health operates and relies on an extensive system of medical devices, IoTs, and traditional IT equipment (IoT Use Cases in Healthcare – Baptist Health)… All of which need to be properly managed to ensure the efficacy of cybersecurity efforts, as well as optimal healthcare IoT Security. An asset inventory is, therefore, critical. However, an accurate asset inventory is difficult to achieve. The lack of Layer 1 visibility means that “understanding what’s in our facilities at any given time is a big challenge,” says Michael Erickson, CISO of Baptist Health (Preventing ‘Rogue Device’ Attacks: A Case Study). This is a significant risk as the new generation of attack tools is “getting more sophisticated and smaller.”

Healthcare IoT Security

Using IoT healthcare can be challenging. These malicious tools hide within other assets – be it medical devices, IoTs, peripherals. And they exploit the Layer 1 blind spot by spoofing legitimate devices. “If you have an attack tool that’s designed to actually look like, or simulate or impersonate something that’s relatively benign, and it’s in your environment and it’s not doing anything, it’s pretty difficult to know that it’s there”, says Michael.

Security solutions cannot differentiate between a legitimate HID, a MAC spoofing device or any other rogue device (hacked device). Thus, allowing the latter to bypass security controls and initiate harmful attacks. With countless devices in use at Baptist Health, ranging from critical medical devices to everyday peripherals, there is cause for concern regarding their integrity. “When you think about the delivery of a piece of equipment. Can we ensure that the delivered equipment is truly what the manufacturer designed?”

Fast Deployment at Any Scale

Michael and his team must deal with multiple challenges and a never-ending list of tasks. Leaving no time to spend on tedious and cumbersome tasks.
As Sepio does not entail hardware resources, does not need to monitor any traffic. Nor does it disrupt the networking infrastructure, the solution allows speedy, smooth, and widespread deployment. Moreover, Sepio is an autonomous and self-contained solution that requires minimal human intervention. Non-cybersecurity experts can easily manage it.
“Thanks to its low maintenance requirements, “[Sepio] happened to be something that was very lightweight and something very simple to install. And we saw value from it very quickly, without adding staff,” praises Michael Erickson, CISO of Baptist Health.

Read our case study to learn how Sepio provides complete asset visibility for healthcare organizations.

See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert. It will help you understand how to use Sepio’s patented technology to gain control of your asset risks.

Download Case Study
November 13th, 2022