Current State:
Typically, today, risk assessments are resource intensive in terms of people and time. Across health delivery organizations (HDOs) there are numerous approaches and in virtually every
instance people are addressing the problem with:
• Excel spreadsheets, manually created risk & control profiles not well-suited for medical devices
• Manual analysis of a manufacturers disclosure statement for medical device security (MDS2)
• Manual analysis of controls, vulnerabilities, devices to provide a one-off risk approach, subjective results
• Many stakeholders, lack of continuity across facilities & platforms for uniform configuration & deployment
• Lack of expertise and knowledge of the application of risk management to connected medical devices
Anecdotally, customers state risk assessments take 20-80 hours, per device, start>finish with inconsistent outcomes.
How ASIMILY ProSecure solves the problem:
ASIMILY ProSecure, permits clients to tackle medical device risk assessments with a new paradigm…a paradigm of risk modeling and platform configuration that can be standardized and implemented consistently across an organization. Each device platform can be implemented with a documented risk assessment with control and configuration plan (CCP)
that ensures a standard risk profile.
ASIMILY ProSecure combines all the knowledge of every platform across our installed base to create an anonymized, community sourced data set of the best configuration and control plan. Every ASIMILY customers is gaining the insights and advantages of ASIMILY’s
artificial intelligence (AI) and machine learning (ML) backend. ASIMILY ProSecure fills the missing gap, completing the risk assessment puzzle.
ASIMILY ProSecure clients can create and evaluate risk, optimal configurations, and best security controls as part of contractual requirements and implementation criteria. Clear, documented requirements to ensure consistency across medical devices as a fleet, or
platform, instead of every installation being a one-off and different.
ASIMILY ProSecure addresses four primary use cases for risk assessment and CCP
development:
1) Legacy devices that need a standard configuration and control plan
2) Shadow IT, unconnected devices with network interface cards, may connect
3) New devices being considered and needing a risk assessment and CCP
4) Ad hoc development of CCPs based on local needs, assets, and policies
