GE Healthcare Launches CyberSecurity Service

On the heels of a safety alert for cybersecurity concerns from the U.S. Food and Drug Administration last month, GE Healthcare launched a new cybersecurity service this week, offering medical device expertise, artificial intelligence (AI), and process management tools to hospitals.

Known as Skeye, the vendor-agnostic service is intended to build upon the resources and capabilities facilities already have in place by implementing proactive monitoring via a remote security operations center. The system, which is commercially available in the United States, is designed to help hospitals detect, analyze, and respond to cybersecurity threats and events in real time, according to a company statement.

Based on company information, Skeye employs AI-enabled tools to protect networked medical devices of any age, as well as operating systems. Its comprehensive coverage begins with risk assessment and includes real-time discovery of networked devices. By scanning medical devices connected to a network, the AI tools can pinpoint possible weak spots that could serve as a digital entry point for dangerous intruders. Any identified problems are relayed to a remote security team for analysis and response recommendations.

“Our customers need visibility to what medical devices are connected to their networks and the right resources to mitigate potential threats,” said Matt Silva, GE Healthcare’s chief information security officer, in a written statement. “This new offering provides customers with 360-degree threat visibility and a resolution roadmap to help defend and protect against vulnerabilities.”

Guarding against these potential attacks is not only vital to patient care, but also to a facility’s bottom line. According to a HIPAA Journal study, in 2018, 82 percent of hospital technology experts reported significant security incidents. The average price tag per data breach was $3.86 million. Skeye aims to mitigate those risks, Silva added, by fostering closer partnerships between hospitals’ clinical engineering, IT, and security teams. Alongside a risk assessment, the system can also suggest action plans and offer remediation advice and execution strategies.

“We strongly believe that security is a shared responsibility across various stakeholders, and with this new solution, hospitals will not have access to a range of proactive and reactive cybersecurity services to support their own security programs,” Silva said.

Ketucky-based T.J. Regional Health, a multi-site organization with two hosptials, a health pavilion, and eight outlying clinics, piloted the Skeye system and reported it strengthened the health system’s defenses.

“As a small hospital group, we don’t have a large IT team,” said Chad Friend, T.J. Regional Health’s director of IT. “Accessing the global scale, tools, and expertise of GE Healthcare gave us a partner to ensure we have a robust cybersecurity process in place and access to the latest information and action plans.”