Subject: Rapid Response Authorities to Operate for Critical COVID-19 Equipment
The Challenge:
The client identified several medical devices that required rapid cyber security authorization for network connectivity to support the COVID-19 pandemic response. For example, Siemens’ Dimension EXL 200 was needed to quickly process COVID tests at pop-up labs across the country, and the Dräger Evita® Infinity® V500 ventilator was needed to support respiratory complications in COVID patients. These devices also needed connectivity to the MHS Genesis electronic health record system.
The Solution:
To meet the urgent mission need, Sentar’s Risk Management Framework experts developed the client’s Rapid ATO process to include all requisite artifacts for identifying and mitigating cyber risks (e.g., topology and dataflow diagrams, vulnerability reports). We applied our solution to novel cloud and containerization technology instances for applications migrating to AWS GovCloud. Lessons learned were quickly identified and applied, both to the target ATO instance and to the remaining system packages. For lower-risk systems, we developed a new Assess and Incorporate process to further expedite deployment. As a result, our personnel achieved favorable authorization decisions for all target systems in four months (vs. a more typical 1-1.5 years per system).
The Mission Impact:
- Expedited Connected Medical Devices to Enhance COVID-19 Response: Our solution allowed the client to respond more quickly to the pandemic and help reduce the spread of the virus. Testing sites could quickly begin using the lab equipment and report testing results to medical personnel in a timely manner.
- Established the Validity of the Emerging A&I Process: The project helped establish the validity of the new Assess and Incorporate process, which will be used for a majority of the MDE (Medical Devices & Equipment) used with the client. All of this work results in more efficient clinical capabilities.