CI Security announced a set of unique partnership integrations with leading Internet of Things (IoT) and Internet of Medical Things (IoMT) security vendors Ordr, Medigate, and Cylera, combining device security and visibility with 24×7 Critical Insight MDR.
Connected medical devices (IoT/IoMT) create a unique challenge for healthcare organizations. In hospitals, security risks can translate into patient risks, and while IT security teams are increasingly focused on addressing these risks, they often lack visibility into the security posture of IoMT environments.
Asset inventory can also be outdated and inaccurate due to a reliance on manual processes. While biomed and clinical engineering teams are increasingly collaborating with IT security teams, IoMT is notoriously difficult to manage.
Vulnerability management is especially difficult, as medical devices cannot typically be scanned by standard vulnerability management solutions, as active scans have the potential to disrupt the performance of a connected medical device. Thus, lists of known vulnerabilities are not well maintained, especially if the asset inventory is incomplete.
Even when vulnerabilities are known, many medical devices run outdated or unsupported operating systems, such that the manufacturer may not support patching of the operating systems.
The combination of device management solutions and MDR can provide holistic risk reduction.
Solutions like Ordr, Medigate, and Cylera passively ingest data from networks to identify IoT and IoMT, creating an accurate and detailed inventory. From that inventory, vulnerabilities and key risks can be identified so that they can be managed. These tools provide critical information to IT teams so that they can manage security risks.
By combining these tools with CI Security’s Critical Insight MDR solution, CI’s expert security analysts can provide 24×7 monitoring of the IoT and IoMT environments.
The threat detection capabilities provided by the Critical Insight MDR platform, coupled with additional alerts and capabilities from the IoT and IoMT device security solutions, allow CI to identify anomalies and signs of potential threat activity.
Because CI’s security analysts perform full and thorough investigations, they can alleviate the alert fatigue felt by IT Security personnel from the many systems that produce alerts.
CI will escalate incidents only in situations when a real threat is present, and CI’s security analysts will provide critical response support. CI can also augment its response guidance with information from the detailed device inventory provided by the device management solution.
For organizations that require a fully scoped security assessment, CI Security’s professional services organization can further perform Biomedical Risk Assessments or IoT Risk Assessments to organizations through these partnerships, helping fulfill critical regulatory or risk management needs.
“Now, organizations can benefit from the robust Critical Insight Managed Detection and Response offering coupled with deep visibility into their IoT/IoMT devices. Because CI absorbs the work of 24×7 monitoring, busy healthcare IT teams can focus on the transformative projects that are enabled by the device management solutions, knowing that acute security issues will be escalated to them from CI’s security analysts should they occur,” said Garrett Silver, CEO of CI Security.
“CI Security continues to be a leader in MDR for healthcare. With our existing expertise amplified by our new IoT/IoMT security partnerships, we can significantly reduce the operational burdens placed on healthcare organizations and their security teams, freeing capacity so they can work on the urgent projects and innovations that support patients and their families.”
“From my work in hospitals, I’ve seen firsthand how life-saving devices get added to the network and create security challenges,” said Drex DeFord, former CIO at Seattle Children’s Hospital and CI Security executive strategist. “These new partnerships address this problem and allow security teams to get a real handle on the IoT/IoMT devices on their networks.”