Healthcare Case Study
Taiwanese Hospital Strengthens Smart Healthcare Security With Claroty xDome
As hospitals have been rapidly advancing toward smart healthcare in recent years and accelerating the adoption of Internet of Medical Things (IoMT), connected devices have naturally become the optimal entry points for attackers. National Taiwan University Hospital (NTUH) launched Claroty xDome to close visibility gaps between IT and clinical environments, moving from a manual, reactive approach to a data-driven security strategy to strengthen smart healthcare security.
Chiuan-Jung Chen, Director of the Information Technology Office at NTUH, implemented Claroty xDome for Healthcare to keep cyber risk controlled while aligning with the Ministry of Health and Welfare’s Implementation Guidelines for Cybersecurity Protection of Medical Device Information and Communication Systems. Through their adoption of Claroty, NTUH successfully translates real-time data into concrete compliance outcomes, becoming the first hospital to fully implement these guidelines.
Prior to their partnership with Claroty, the boundaries between the hospital’s IT and clinical environments were becoming increasingly blurred:
Since medical devices typically run on closed or older operating systems to ensure stable operation, NTUH’s traditional IT tools like firewalls and EDR didn’t recognize proprietary medical-device protocols, limiting threat detection and control in clinical networks. Additionally, because medical devices often run older OS versions, they are rarely capable of self-updating or patching. If active IT security controls or online blocking mechanisms disrupt medical devices, they could cause the devices to reboot or fail, directly impacting patient safety.
Fragmented ownership between IT and Medical Engineering required tighter coordination; manual IP inventories slowed investigations and incident response.
NTUH struggled with unknown vulnerabilities in medical devices without a clear understanding of whether remediation was required or how to remediate. Manual inventory tasks were taking weeks and keeping valuable staff members from working efficiently.
“In the past, the biggest challenge for the IT department in cybersecurity management was not knowing what vulnerabilities existed in medical devices, how to fix them, or whether they even needed fixing. We use the dashboard and reports to understand the risk status of medical devices, determine if the manufacturer has released patches, and minimize risks through network isolation.”
Chiuan-Jung Chen, Director of the Information Technology Office at NTUH
Implementing the dashboard through Claroty xDome helped NTUH move from reactive firefighting to a proactive operations model, bringing much-needed visibility to highlight vulnerabilities within medical devices, track device communications, and improve operational efficiency.
Claroty's medical-asset dashboard provides insights and continuously discovers devices across IT and clinical networks. IT gains instant visibility into the exact risk status and known vulnerabilities of every device. IT and Medical Engineering use these shared insights to safely remediate risks, such as initiating network isolation, without disrupting clinical operations or patient safety.
When NTUH’s cybersecurity defenses detect abnormal traffic and issue alerts, IT can immediately identify the device’s IP address, brand, model, and physical location. This enables third-party vendors or clinical engineering to swiftly address incidents and minimize potential risks.
NTUH established availability-first remediation playbooks—e.g., mitigate via network isolation when patches aren’t available and engage manufacturers when fixes exist—under a passive, observational control strategy to avoid device disruption.
“Claroty enables real-time monitoring of the security status of both IT and medical devices, allowing for proactive measures against vulnerabilities and weaknesses, thereby serving as a powerful backbone for the transition to smart healthcare.”
Chiuan-Jung Chen, Director of the Information Technology Office at NTUH
In working with Claroty to develop the visual dashboard, NTUH has seen several key benefits.
Faster incident response and collaboration: Teams can immediately identify the affected device’s IP, brand, model, and location to mobilize clinical engineering or vendors and reduce risk.
Weeks saved on audit prep and inventory: By replacing spreadsheet uncertainty with reliable visibility, automated asset inventory, and instant device histories, NTUH reduced a weeks-long manual entry process to reports that take minutes to generate, freeing staff time for higher‑value work.
Stronger, compliant security posture: NTUH became the first hospital to fully implement the Ministry of Health and Welfare’s published Implementation Guidelines for Cybersecurity Protection of Medical Device Information Systems, creating a controlled-risk foundation for smart healthcare.
“During medical evaluations or cybersecurity audits, we can instantly retrieve connection behavior and historical records for any device. This reduces the manual inventory process – which previously took weeks – to automated presentation within minutes, allowing our valuable staff to achieve maximum efficiency.”
Chiuan-Jung Chen, Director of the Information Technology Office at NTUH
NTUH has successfully transitioned from a process of manual inventory management to a sophisticated, data-driven security posture. By unifying visibility across IT and clinical environments, integrating with SOC workflows, and prioritizing availability and patient safety, NTUH materially improved cyber resilience without disrupting care. The team recommends starting with automated asset inventory to build an objective data foundation and co-designing defenses with clinical engineering for sustained, real-world impact.