Ordr Publishes Connected Device Security Maturity Model to Guide Healthcare Organizations on the Path to Zero Trust

Ordr, the leader in connected device security, today published a maturity model aimed at helping healthcare organizations benchmark their connected device security efforts and develop a strategy to improve the efficiency and strength of their security programs.

Entitled “A Practical Guide: Implementing Connected Device Security for Healthcare Organizations,” the document serves as a framework for healthcare security teams, helping them understand where their organization is on the connected device security maturity curve, and where to focus efforts to make improvements. The guide organizes the stages of maturity into five steps, including detailed descriptions, requirements, and the potential business value realized at each stage. Recommended actions, technical considerations, and helpful insights are included as well, to help teams learn how to improve their security posture, become more resilient, and advance their security efforts as they move toward Zero Trust.

Connected devices play an essential role within a healthcare organization – gathering data, providing diagnostics and therapeutic functions, and automating activities. But those same connected devices also expand the attack surface and create risk for healthcare providers. In fact, the healthcare sector faced the most ransomware attacks of any industry last year, according to the FBI’s 2021 Internet Crime Report, resulting in losses of $6.9 billion.

“A majority of healthcare organizations today rely on Internet of Things (IoT), Internet of Medical Things (IoMT), and Operational Technology (OT) devices to provide critical patient care, improve efficiencies, and manage the facility. The truth is, connected devices are everywhere in healthcare, which can make protecting them a daunting task,” said Pandian Gnanaprakasam, Chief Product Officer and co-founder of Ordr. “At Ordr, we’ve gained deep expertise working with customers of all sizes and at all stages of maturity. We understand the complexities that security teams in healthcare struggle with everyday – and we’re proud to share our insights with the community, to be used as a guide on the journey to Zero Trust.”

The five steps of the maturity model include:

Asset Visibility: This stage includes creating a complete, accurate and up-to-date asset inventory by automating discovery and classification for all known, unknown, and new devices, in addition to identifying risks.

Vulnerability and Risk Management: This stage encompasses creating a risk-based view of connected devices by combining device vulnerability insights, establishing device behavior baselines, and reviewing external threat intelligence inputs to gain a comprehensive view of the attack surface, guiding security efforts.

Reactive Security: This stage uses connected device insights and the risk-based view from the previous stages, combined with business context, to help teams understand device risk in their unique environment, prioritizing risk mitigation and incident response efforts.

Proactive Security: In this stage, teams automate policies and workflows to ensure rapid threat detection and response. Teams also develop and implement proactive measures such as Zero Trust segmentation to reduce the attack surface ahead of threats, enabling teams to focus on more complex threats.

Optimized Security: At this stage, teams continue to build on the foundation they have created to expand and optimize their security methods with automation and proactive Zero Trust security policies, aligning and scaling with organizational demands.

“While all industries are at risk of cyberattack, the potential outcomes of attacks on healthcare organizations could be catastrophic, with real consequences for patients,” added Brad LaPorte, author of the guide and former Gartner cybersecurity analyst. “Organizations cannot expect to reach the Optimized Security stage instantly. Each stage establishes critical capabilities, builds upon previous stages, and creates value on the journey to Zero Trust. No matter where you are on this journey and what your ultimate goal is, this guide provides essential insights to understanding your security posture – and what is needed to improve.”

To learn more about Ordr’s connected device security maturity model for healthcare organizations, please sign up for the January 19th Ordr of Business webinar: Healthcare’s Guide to Connected Device Security Maturity Model – The Road to Zero Trust.

SourceOrdr

Hot this week

Cartessa Aesthetics Partners with Classys to Bring EVERESSE to the U.S. Market

Classys, which is listed on the KOSDAQ, is one of South Korea's most distinguished aesthetic technology manufacturers, with devices distributed in 80+ markets globally. This partnership marks Classys's official entry into the American marketplace, with Cartessa Aesthetics as the exclusive distributor for EVERESSE, launched under the Volnewmer brand in current global markets.

Stryker Launches Next-Generation of SurgiCount+

Now integrated with Stryker's Triton technology, SurgiCount+ addresses two key challenges: retained surgical sponges and blood loss assessment. Integrating these previously separate digital solutions provides the added benefit of a more efficient, streamlined workflow for hospitals notes Stryker.

Nevro Receives CE Mark In Europe for It’s HFX iQ™ Spinal Cord Stimulation System

Nevro notes HFX iQ is the first and only SCS system with artificial intelligence (AI) technology that combines high-frequency (10 kHz) therapy built on landmark evidence that uses ongoing cloud data insights to deliver personalized pain relief

Recor Medical Reports: CMS Grants Distinct TPT Device Code and Category to Recor Medical for Ultrasound Renal Denervation

The approval of TPT offers incremental reimbursement payments for outpatient procedures performed with ultrasound renal denervation for Medicare fee-for-service beneficiaries. It becomes effective January 1, 2025, and is expected to remain effective for up to three years notes Recor Medical.

Jupiter Endovascular Reports | 1st U.S. Patient Treated with Jupiter Shape-shifting Thrombectomy Device

“Navigation challenges during endovascular procedures are often underappreciated and have led to under-adoption of life-saving procedures, such as pulmonary embolectomy. We have purpose-built our Endoportal Control technology to solve these issues and make important endovascular procedures accessible to more clinicians and their patients who can benefit from them,” said Carl J. St. Bernard, Jupiter Endovascular CEO. “This first case in the U.S. could not have gone better, and appears to validate the safety and performance we are seeing in our currently-enrolling European SPIRARE I study.”
Exit mobile version