Isle of Wight NHS Trust increases cyber resilience with a 360-degree view of managed and unmanaged assets from ITHealth and Axonius

Isle of Wight NHS Trust is somewhat unique in that it is the only integrated acute, community, mental health and ambulance health care provider in England, serving an isolated offshore population of 140,000. Established in April 2012, the Trust employs some 4,400 staff and operates around 3,850 endpoints, with just over 300 servers.
Key Challenges
The Trust lacked endpoint and server compliance and had very limited visibility and reporting of devices. It then discovered a striking gap between managed and unmanaged assets – ‘a black hole’ representing almost a third of the physical hosts on the Trust’s network.
One of the major issues that hit us straight out of the blocks was that we had very limited reporting and visibility of our devices.
The Situation
In 2019, Jake Gully, newly appointed as Digital Operations Manager at Isle of Wight NHS Trust, readily understood that the immediate priority for the Trust was to address server and endpoint compliance and to onboard all devices into MDE. It was quickly apparent that the Trust had very limited visibility and reporting on its devices. With an old and broken SCCM 2007 installation and a poorly maintained and unreliable ITSM for asset management, the Trust knew that it needed greater asset visibility to achieve compliance and efficiently manage its upgrade programme.
Initial Solution
To fill the visibility gap, the Trust purchased an initial year of an ITHealth Dashboard in February 2020. It gave the Trust the visibility it needed to better manage endpoint and server compliance, and provided reliable information so it could plan its upgrade and rolling replacement programmes. The ITHealth Dashboard helped the Trust complete its Windows 10 migration programme, including the replacement of almost all its legacy server estate.
Closing the Gap
An early finding from the ITHealth Dashboard’s reporting was the striking gap between managed devices, for which IT were responsible – some 6,500 hosts – and unmanaged devices (IoT/IoMT), of which there were 2,000. “There was very little information or reporting on these unmanaged devices”, said Gully. “A black hole representing almost a third of the physical hosts on our network”. This presented a significant unmanaged attack surface for the Trust, affecting some of its most critical medical, infrastructure and security equipment.
The Trust quickly embarked on a review of the market to identify an IoT/IoMT security provider. Four leading vendors were identified, including Axonius, all of which were invited to conduct demonstrations and take part in a mini tender. Although the process was IT-led, demonstrations and scoring were handled jointly by colleagues from the IT, Medical Electronics, Radiology, Pathology, Pharmacy and Estates teams. “Tendering was competitive, but Axonius was chosen as they demonstrated real commitment to developing the product at pace for the UK NHS market”, said Gully.
With Axonius, the Trust now has complete IoMT/IoT visibility and reporting to address device hardening and north-south segmentation; it can also prioritise risk by criticality and automate mitigation at scale.
Some Axonius favourites of the Isle of Wight NHS Trust include:
Asset risk prioritised based on impact (Patient Safety, Patient Confidentiality, and Service Disruption)
Classification of assets by device type and risk exposure per group
Actionable DSPT and Cyber Alert Dashboards for IoMT/IoT
The engagement from Axonius was excellent, with fast delivery of the collectors, onboarding and training of staff in IT, Medical Electronics, Estates, Pathology, Radiology and Pharmacy. We ordered in October 2022 – by the end of November, it was delivered, set up and we were all trained!
Results
With ITHealth and Axonius for Healthcare, the Trust now benefits from granular, 360-degree security visibility of all assets – both managed and unmanaged. Together, ITHealth and Axonius are a key thread in helping the Trust improve cyber resilience, reduce risk and respond to evolving cyber threats – greatly assisting the Trust’s journey to achieve compliance with:
NHS Digital’s Data Security and Protection Toolkit (DSPT)
The National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF), particularly objectives A1-A3 (Managing Security Risk: Governance, Risk Management and Asset Management), B1 (Defending against cyber-attack: Service protection policies and processes) and C1 (Detecting cyber security events: Security monitoring)
National Institute of Standards and Technology (NIST) Cyber Security Framework, substantially ‘identify’, ‘protect’ and ‘detect’
