Boosting Expertise in Clinical Engineering at TRIMEDX
TRIMEDX, a global leader in clinical asset management in healthcare, was in need of a cybersecurity training program for a clinical engineering workforce of more than 3,100 team members. This need was spurred in part by the WannaCry ransomware attacks of 2017 that affected over 200,000 computers running the Windows operating system and disrupted the healthcare industry. WannaCry catalyzed a transformation within TRIMEDX to build on a 30-year track record of clinical asset management leadership and become the market leader in clinical asset security. Effective cybersecurity training for TRIMEDX front-line clinical engineers and staff members would not only elevate the organization to meet the new threats, but also provide an opportunity to build greater trust with customers and differentiate from less forward-leaning competition.
To move forward with this objective, TRIMEDX leadership initially conducted research to find a training provider that specializes in cybersecurity within the healthcare industry. Unfortunately, the research did not yield any “off-the-shelf” options that would meet the needs of the organization. TRIMEDX looked into developing the training in-house, but determined that the personnel and direct costs required would be untenable. TRIMEDX leadership concluded that a custom training program would be needed from a third-party partner.
In building requirements, TRIMEDX leadership first needed to position the program to be popular within the team and to minimize any potential pushback. Stakeholders noted the intense regulatory environment within the healthcare industry and knew that additional compliance training can be negatively received by staff who are accustomed to quarterly compliance requirements. To facilitate buy-in, leadership put forth requirements on the length and cadence of the training delivery. It was determined that the training could not exceed four (4) hours in total and that it must be delivered in digestible installments throughout the year, each under 20 minutes long. TRIMEDX also requested the ability to host the training via the organization’s learning management system (LMS) to facilitate asynchronous delivery to a widespread team.
Next, the requirements turned to the scope of the subject matter. At a high level, the training needed to empower TRIMEDX engineers to ensure that TRIMEDX clients and their patients would be protected from a variety of cybersecurity threats and risks. These threats were to include malicious cyber threat actors as well as human error and negligence. Acknowledging that cybersecurity is constantly evolving, TRIMEDX leadership sought a partner that they could grow or evolve with over time. Lastly, collaboration between in-house and external subject matter experts was crucial: TRIMEDX knows its subject area, and the training needed to reflect that throughout the solution.
TRIMEDX partnered with N2K to satisfy its initial requirements in building its CE Cyber Academy, the next-generation training program designed to rapidly increase cybersecurity skills among TRIMEDX’s more than 3,100 nationwide clinical engineers.
In line with the request for a one-year training term and twelve monthly installments, N2K created a custom Clinical Engineer Cybersecurity Essentials course delivered as a multi-modality video series. The video content included more than three (3) hours of custom training. After multiple discovery stages with select stakeholders up to C-level executives, N2K mapped Cybersecurity Learning Objectives aligned with the current roles and responsibilities of the TRIMEDX clinical engineering workforce. Based on the extensive discovery, these learning objectives also directly and indirectly served the overarching business objectives. The resulting curriculum and training deployment were designed for associates to increase skills including but not limited to:
- Understanding the role and importance of clinical engineering in cybersecurity.
- Understanding their role in supporting TRIMEDX CE CYBER policies and procedures.
- Understanding the importance and process of securing sensitive data and information.
- Identifying and understanding social engineering attack methods, consequences and preventions.
The solution proposal included a great deal of collaboration and was received well by key stakeholders. “Knowing the weakest link in most cyber defense is typically the human element, we’re investing in giving our CE CYBER specialists, managers, and technicians the skills necessary to keep our front-line defenses strong against the rapidly increasing number of cyber threats against connected medical devices,” said Jon Benedict, Director, Cybersecurity Enablement at TRIMEDX.
“Our team is totally embracing the value of cybersecurity.
Now they just get it.”
Jon Benedict, TRIMEDX
In just two months of solution design and development, N2K delivered the first program installment on time, on budget and within scope. Over the following eleven (11) months, each installment in the series was delivered successfully via the TRIMEDX LMS.
Where the original requirement was to keep the solution from being a “painful” addition to the existing quarterly compliance requirements, the resulting feedback was not only neutral but quite positive. “Every time another installment goes out, I get notes to my inbox from team members saying how these just keep getting better and better,” shared Jon Benedict. Most notably, employee engagement vastly exceeded expectations. While not required by company policy or regulation, the completion rate across the entire delivery exceeded 95%. This number provides evidence that participants not only engaged with the training material but also completed it in its entirety. Benedict added, “Our team is totally embracing the value of cybersecurity. Now they just get it.”
Overall, this training deployment established a new way of providing engaging training to TRIMEDX clinical engineers at scale in support of overarching business objectives. This has led to additional opportunities for partnership between TRIMEDX and N2K in other skill areas.
As a parallel initiative to further establish differentiation in its market and bring value to customers, TRIMEDX is looking to enhance cybersecurity credentialing within the organization. In this effort, N2K is working closely with TRIMEDX to further identify roles and individuals who could benefit from obtaining cybersecurity certifications including the CompTIA Security+, ISACA CISM, and (ISC)² CISSP and HCISPP certifications. N2K has been tasked with delivering Live Online Certification courses relevant for the healthcare industry while also ensuring high pass rates and certificate achievements for participating team members. This effort is ongoing and will continue through 2021.