KLAS Contact
Contact KLAS
Contact KLAS
2024 BEST IN KLAS
Preferences
Related Series
2023
2019
Related Segments
Healthcare IoT Security 2022
Moving beyond Device Visibility
Author
Joe VanDeGraaff
Author
Dan Czech
Author
Ciera Walker
As the number of devices connected to networks within healthcare organizations continues to grow, so does the potential for network security to be compromised. These security risks—which can come from medical devices or the myriad other devices connected to healthcare networks—can impact not only information security but patient safety as well. Many healthcare internet of things (IoT) security solutions give organizations visibility into connected devices, but the most effective solutions also help actively reduce the risk associated with those devices. To inform healthcare organizations of their IoT security options, this report highlights the performance and purchase decision energy of software vendors in this space. The performance of IoT security services firms is also shared.
High-Scoring Medigate & Ordr Continue to See High Market Energy; Armis’ Traction Increasing
Customers of Medigate—who was just acquired by Claroty (January 2022)—use the platform to manage assets/inventory, view device utilization, and identify device vulnerabilities. Of the vendors in this report, Medigate is most considered and most purchased by prospective customers, often because of the integration, intuitive interface, and functionality (e.g., device discovery). Current customers also mention the intuitive interface and praise Medigate for their collaborative relationships. Respondents appreciate that the vendor constantly upgrades the solution and subsequently trains customers. Cost is the most common reason for prospective customers to ultimately not choose Medigate. Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic. Ordr receives high consideration; prospective customers’ reasons for choosing or not choosing Ordr vary widely. Customers report helpful training and education from Ordr, including Ordr’s Masterclass webinar series, and they also mention the user interface has been improved. Feedback around the integration is mixed, though it leans more positive.
Cross-industry vendor Armis has a quickly growing US healthcare customer base; they have recently signed contracts with some very large healthcare organizations and are often considered in purchase decisions. The limited number of interviewed Armis customers say they receive needed support without additional charges, and most cite device visibility and detection as their primary outcomes. Organizations who chose to purchase Armis highlight functionality and integration; prospective customers who ultimately didn’t choose Armis preferred other vendors’ interfacing or healthcare-specific focus.
Healthcare IoT Market Insights
The majority of respondents report that their vendor is at least moderately involved in risk-remediation efforts. Most respondents say their vendor approaches risk remediation in one of three ways: (1) they remediate risk with their platform’s technology, (2) they remediate risk with their services or support, or (3) they primarily leave risk remediation to the customer and assist when asked.
Palo Alto Networks Highly Considered but Trails the Market in Overall Customer Satisfaction
Palo Alto Networks offers a different approach to healthcare IoT security with their enterprise security solution, which provides IoT security in addition to other security solutions (e.g., firewalls). Customers are generally satisfied with the solution, though a couple report significant concerns. The most and least satisfied Palo Alto Networks customers are those who were originally customers of Zingbox, which Palo Alto Networks acquired in 2019. Many satisfied customers say the solution provides increased awareness of device vulnerabilities. Some say service levels, response times, and staff turnover have been challenges since the acquisition, while others say their service levels have been unaffected. A few dissatisfied respondents report challenges with functionality, such as a high number of unmatched devices, a difficult learning curve, and stagnant post-acquisition development. Respondents also note limited or complicated integration with various systems (e.g., firewalls, scanners, and the ticketing system). Frustration with device-discovery functionality has prompted multiple customers to replace or consider replacing Palo Alto Networks. The vendor’s post-acquisition IoT product is now part of the vendor’s broader security platform; in the last 12 months, KLAS validated one organization that purchased Palo Alto Networks in this way.
Asimily Rated High Value for Clinical/Biomedical Engineering; Cynerio Is Strong for IT/Networking Value
Asimily customers specifically mention the value of the solution’s asset and inventory management for clinical and biomedical departments. They trust Asimily to reduce medical device risk, and they describe the vendor’s teams as responsive and communicative. Organizations who choose Asimily often point to functionality and product quality as reasons for purchasing them. Cynerio customers note the solution helps them segment networks, identify necessary patches, and understand network vulnerability. They also say Cynerio makes helpful remediation recommendations and works with them to develop strong security strategies. Additionally, customers appreciate that Cynerio provides effective education around new features. While customers have historically been small to midsize hospital organizations, a few large organizations have recently selected Cynerio in purchase decisions. IT/networking functionality and pre-sales experience are the most commonly cited reasons for purchasing. Medigate and Ordr (described in more detail on the previous page) are rated highest for value to security departments.
A Note about Sensato
Sensato is a cybersecurity company that offers software as well as network-monitoring services, especially for small critical access hospitals (CAHs). Interviewed Sensato customers highlight how beneficial the vendor’s network-monitoring services are, and some are satisfied with Sensato’s integrations and healthcare focus. Two wish they could access their data independently rather than having to go through Sensato. Prospective customers infrequently consider Sensato alongside typical IoT security vendors. When the vendor is chosen, customers consistently report high satisfaction.
Services Firms: First Health Advisory Provides Expertise & Effective Risk Management
In addition to software products, healthcare organizations look to services firms to enhance their IoT security. Firms can offer IoT managed services (e.g., risk remediation, ongoing solution management) and IoT consulting services (e.g., security assessments and IoT strategy development). Interviewed First Health Advisory clients (validated as using the firm for only IoT consulting services) highlight the firm’s expertise and guidance, with a few praising specific resources for their deep technical knowledge. Clients are also satisfied with the firm’s collaborative partnerships, and several say the firm truly helps manage risk for their organization. CynergisTek clients similarly report quality staff with deep knowledge and expertise. The two respondents using CynergisTek for managed services give the firm an almost perfect score, reporting a proactive and responsive support team. Clients of Fortified Health Security mostly use the firm for IoT managed services. They appreciate the firm’s healthcare focus and reliability in managing risk. Three clients note that staff turnover has caused some disruptions.
Software Vendor Bottom Lines
Ordered alphabetically
Fully Rated Vendors
Medigate
2021 Best in KLAS winner. Recently acquired by industrial cybersecurity company Claroty (January 2022). Respondents highly praise the platform’s intuitive nature. Vendor consistently improves system and is considered and chosen in many purchase decisions. Customers often midsize or large.
“The interface and the capabilities of Medigate are far superior to the capabilities of other vendors we looked at. The way the product looks is not only more professional, but also well done, easier to use, and more intuitive. . . . What made the difference was the team of people behind the product. We really felt like we were being held by the hand throughout the entire process. That gives us confidence that we are going to be licensing something that we can utilize. If something goes wrong, Medigate is there.” —Security manager
“If Medigate could beef up the support staff they have, that would be helpful during the implementation. The support after the implementation is great, but during the implementation, the vendor could have more people available. Even though the installation is very simple and straightforward, it would still help to have more engineering talent on the vendor’s side. We also don’t have any packaged come-up-to-speed videos or things like that.” —CISO
Ordr
Offers strong technical background with several former Cisco employees. Almost all respondents satisfied. Customers frequently use platform to understand device behavior and information traffic. Mixed feedback on integration—some mention challenges, while others praise available integrations. A few say necessary fixes can take a while to be delivered. Respondents report an improved user interface.
“I would definitely recommend the system. The major strength is complete visibility into the endpoints for the traffic that we send through the solution. . . . That will assist us when we get into a more stringent RADIUS authentication requirement for our wired network. Another strength is the ability to see exactly what a device has talked to from either a profile view or a specific-device view. We can see what ports were used, how many times the communication happened, and what the date and time were. We can get a rather slick visual representation of that and easily export it.” —CISO
“We are looking to dump the information into our asset database and another tool our clinical engineers use. We were supposed to get integration with that through an API, and we ended up getting it, but Ordr took a much longer time to deliver that than we anticipated.” —CISO
Palo Alto Networks
Acquired Zingbox in 2019, and current customers are a mix of long-standing Zingbox customers and customers using the IoT product as part of Palo Alto Networks’ enterprise security offering. Feedback around integration and support is mixed, though a majority are satisfied. Several customers see risk remediation as their own responsibility, with the platform providing assistance.
“The product gives us fast and easy visibility for snap judgments. We can make educated decisions on what is going on in our environment very quickly with the tool. I have no doubt about what is happening because of the feedback I get. It is highly accurate from an IT and security perspective. The product is logical and easily understood. I have a high level of comfort with the feedback that we get.” —IT director
“When we bought a Palo Alto Networks firewall, we expected it to integrate with the other products from the vendor. I can see that Palo Alto Networks borrowed technology between the firewall and IoT Security, but the products don’t integrate directly yet. . . . One should be a module within the other, but that is not the way things are with the recent merger. . . . There are some things that should be intuitive that Palo Alto Networks just hasn’t done yet.” —Security manager
Limited Data Vendors
Armis
Cross-industry vendor growing their healthcare customer base. Has received enough funding that customers feel comfortable with their financial viability. Some customers say robust engineering team and available integrations contribute to satisfaction. One customer unsatisfied with decline in service, integrations, and lack of outcomes.
“The Armis system gives our organization visibility into devices on our network that we were lacking. With all the integrations provided, we are about to leverage the platform to effectively identify, investigate, and respond to threats. Since the majority of our tools are integrated with the Armis system, it has become our primary investigation tool for on-network devices, providing data enrichment and context.” —Security manager
“When we started digging into the actual data, we found there were some interesting discrepancies about how the vendor profiled things, like handling IP address changes, that aren’t very visible to the customer. If the IP address of a radiology workstation changes and becomes somebody’s workstation, we don’t have our network segmented properly, but Armis doesn’t necessarily have that information. . . . Now the workstation has a bunch of different vulnerabilities because that is what that workstation had when it came across the network. The data is there, but we can’t trust it; if we can’t trust it, then we can’t act on it.” —Security analyst
Asimily
All respondents very satisfied (on 100-point scale, all rate experience 90+). Customers report responsive, supportive relationships and high value for clinical/biomedical departments. User interface is most commonly mentioned opportunity for improvement.
“Asimily is on top of threats. My contact at Asimily sends me reports about what they are seeing and doing with respect to the medical device, and they give me recommendations. The recommendations are on target. I have a lot of faith in Asimily from a technical perspective to get the contracted job done. The niche is very important to us, and Asimily’s system has been a very good offering for us. I have been able to sleep at night with respect to medical devices. I can hand the work off to somebody who has a medical background and a lot of ins with a medical device database.” —Security director
“Tracking is an area that needs to be improved. Asimily’s inventory was a little stale. We didn’t really have a good inventory, but we do now. We are working on the reporting of the inventory so that we can see where the devices are, where they stand with respect to patching, and what specific attacks or vulnerabilities have been found in the scanning. I can log in to Asimily’s site and grab all of that information, but that takes me a lot of cycles. I want Asimily to give the information to me on a monthly or quarterly basis. . . . We want Asimily to be like a managed service security provider for medical devices where they do everything.” —Security director
Cynerio
All respondents satisfied (on a 100-point scale, most rate experience in 90s, one in 80s). Engaged vendor that helps customers go beyond device visibility to genuine risk reduction. Customers report high value in IT/networking departments. Has small, midsize, and large customer organizations; organizations that have recently chosen to purchase Cynerio validated as mostly large.
“As soon as Cynerio releases a major update, they provide education for our team. In fact, Cynerio has regular meetings where they review with us what they recommend for the next steps for mitigation. . . . They are helping us determine which things we should tackle first to be more productive and effective in our cybersecurity goals. . . . Cynerio can have the best product on the planet and the most innovative technology, but if people don’t know how to use it or how to implement or access it, it will be a complete failure. Cynerio has taken that idea to heart, and they have really stepped up.” —IT director
“At first, Cynerio’s tech support was based out of Israel, and our time zone difference was an issue. But when we meet with the vendor now, we meet with them early in the morning. That works for us. But I don’t know what we would do if we were in another time zone. Maybe I am too nice, but I would hate to make someone work late at night to be able to deal with me. If the vendor gets a little larger, maybe they will be able to put some people in the United States for support. That would be helpful.” —CISO
Sensato
(software-enabled services)
Offers a different approach than other solutions in this report by doing active security monitoring on behalf of health organizations. Customers are most often smaller organizations, and most report being very satisfied with the monitoring and level of service. Most common complaint from two lowest-scoring respondents is a desire for more visibility into their own data.
“Sensato Cybersecurity Solutions is very responsive. . . . Even with emails or an open case online, Sensato Cybersecurity Solutions gets back to us quickly, especially if we mark an issue as high priority. We have frequent meetings where we review the vendor’s recommendations, and they answer any questions that we have. They are proactive. They tell us things before we are aware of them.” —CIO
“The product is a bit like a black box for us, and the vendor has been working toward allowing customers access to certain things. We want to see data in real time instead of having to make phone calls or reach out to the vendor. We want to avoid having to go to the vendor for escalation.” —Security manager
Other Validated Vendors
CyberMDX
Not enough customer feedback to be rated. Organizations considered CyberMDX in six purchasing decisions, and one ultimately chose to purchase because of interface and pricing. Forescout recently announced their acquisition of CyberMDX (February 2022).
Cylera
Not enough customer feedback to be rated. Organizations considered Cylera in two purchasing decisions; no KLAS-validated US wins in 2021.
About This Report
The data in this report comes from two sources: (1) KLAS Decision Insights data and (2) KLAS performance data.
KLAS Decision Insights Data
All references in this report to organizations’ purchasing motivations come from KLAS’ Decision Insights data. Since 2017, KLAS has been gathering information as to which vendors are being replaced, considered, and purchased and what factors drive these decisions. KLAS Decision Insights data does not represent a comprehensive census or win/loss market share study. Rather, it is intended to help organizations understand which vendors have market energy and why. The data set in this report comes from 30 organizations that are making or have recently made a healthcare IoT security software purchase decision validated by KLAS between December 2020 and December 2021.
KLAS Performance Data
Each year, KLAS interviews thousands of healthcare professionals about the IT solutions and services their organizations use. For the software solutions in this report, interviews were conducted over the last 12 months using KLAS’ standard quantitative evaluation for healthcare software, which is composed of 16 numeric ratings questions and 4 yes/no questions, all weighted equally. Combined, the ratings for these questions make up the overall performance score, which is measured on a 100-point scale. The questions are organized into six customer experience pillars—culture, loyalty, operations, product, relationship, and value.
For the services solutions in this report, interviews were conducted over the last 18 months using KLAS’ standard quantitative evaluation for healthcare services, which is composed of 9 numeric ratings questions and 3 yes/no questions, all weighted equally. Combined, the ratings for these questions make up the overall performance score, which is measured on a 100-point scale. The questions are organized into five customer experience pillars—loyalty, operations, relationship, services, and value.
To supplement the customer satisfaction data gathered with the standard evaluation, KLAS also created a supplemental evaluation to delve deeper into multiple questions specific to the healthcare IoT security software market. This evaluation asked customer respondents (1) how effective their vendor is at helping them take advantage of new features and capabilities, (2) how actively involved their vendor is in helping them enact risk-remediation efforts, and (3) how valuable their solution is to various departments in their organization.
Sample Sizes
Unless otherwise noted, sample sizes displayed throughout this report (e.g., n=16) represent the total number of unique customer organizations interviewed for a given vendor or solution. However, it should be noted that to allow for the representation of differing perspectives within any one customer organization, samples may include surveys from different individuals at the same organization. Ratings from these individuals are aggregated in order to prevent any one organization’s feedback from disproportionately impacting a score. The tables below show the total number of unique organizations interviewed for each vendor or firm as well as the total number of individual respondents.
Some respondents choose not to answer particular questions, meaning the sample size for any given vendor or solution can change from question to question. When the number of unique organization responses for a particular question is less than 15 for software solutions or less than 6 for healthcare services, the score for that question is marked with an asterisk (*) or otherwise designated as “limited data.” If the sample size is less than 6 for software solutions and less than 3 for healthcare services, no score is shown. Note that when a vendor has a low number of reporting sites, the possibility exists for KLAS scores to change significantly as new surveys are collected.
Writer
Sarah Hanson
Designer
Natalie Jamison
Project Manager
Mary Bentley
This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2024 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.