Premium Reports
Contact KLAS
 Download Report Brief  Download Full Report    Zoom in charts



Related Series

Healthcare IoT Security 2023
Healthcare IoT Security 2022

Related Segments

 End chart zoom
Internet of Medical Things (IoMT) 2019 Internet of Medical Things (IoMT) 2019
* A page refresh may be necessary to see the updated image

Internet of Medical Things (IoMT) 2019
Standout Vendors in an Early Market

author - Joe VanDeGraaff
Joe VanDeGraaff
author - Dan Czech
Dan Czech
October 1, 2019 | Read Time: 6  minutes

As healthcare IT has become increasingly interconnected, securing medical devices—many of which were not purpose built for usage on a computer network—has become a top priority for healthcare security professionals. In response, a plethora of Internet of Medical Things (IoMT) software has emerged, creating high purchase energy, especially among larger organizations. To better understand this market energy, KLAS spoke with 47 unique organizations that have recently selected an IoMT vendor to determine which vendors they considered and ultimately selected, what factors contributed to their decision, and how they engaged with third-party services firms. Future KLAS research will delve further into how these IoMT vendors actually perform.

About KLAS

Driven by a mission to improve the world’s healthcare, KLAS is a healthcare-focused research firm whose data helps provider, payer, and employer organizations make informed software and services decisions. Powered by insights and experiences discovered in the 25,000+ interviews with healthcare organization leaders and end users that KLAS conducts each year, KLAS’ work creates transparency in the healthcare market and acts as a catalyst for software vendors and services firms to improve their offerings.

common iomt solution capabilities

Zingbox Drives Most Market Energy; Some Potential Buyers Put Off by Issues with Sales Process

Included in nearly all competitive IoMT purchase decisions, Zingbox is considered more often than any other vendor in this research. This is due largely to the product’s first-to-market advantage (it became available mid-2016) and its technical capabilities, including accurate identification of devices (both IoMT and IoT) and actionable insights derived from granular device data. The feedback from organizations that considered Zingbox but ultimately selected another vendor reveals incongruency in Zingbox’s pre-sales process—some received overly aggressive resources, while others say theirs were disinterested or not the right personnel to be giving the demo. Nearly one-third cite Zingbox’s pricing model as a reason for not choosing the vendor. Zingbox has been addressing this issue, and organizations that made decisions more recently are less likely to mention this concern. Palo Alto Networks recently announced their intent to acquire Zingbox.

percent of time considered in competitive deals

Among Cross-Industry Vendors, Ordr’s Culture Resonates

While technology factors are the most common reason organizations cite for choosing a specific vendor, many IoMT solutions offer similar core capabilities. Thus, organizations look for vendors that can deliver more than just technology. In this environment, Ordr (CloudPost)—another cross-industry early market entrant that has seen rapid growth and high consideration—is frequently chosen for their company culture, which includes strong Cisco roots, speedy and responsive turnaround on customer requests, a willingness to share knowledge, and strong investment in customer success. However, like Zingbox, Ordr is also described as having some pre-sales
challenges, including high-pressure sales tactics and hard-to-follow demos.

reasons vendors were selected all vendors combined

"Other" includes actionable insights, future outlook, IoMT focus, lack of competitors, scalability, and vendor guidance.

reasons vendors were selected by vendor

CyberMDX and Medigate Carve Out Considerations Due to Healthcare Focus

While cross-industry vendors Zingbox and Ordr lead the way in considerations, interest in CyberMDX and Medigate is growing as provider organizations recognize the need for healthcare focus and expertise. Both vendors are seen as unique for their internal device-vulnerability research teams. Those that choose CyberMDX are drawn to the vendor’s data accuracy and willingness to partner. While some organizations that choose not to purchase CyberMDX report product-maturity concerns, many of those who do choose the vendor welcome the opportunity to codevelop the product with CyberMDX and highlight the vendor’s responsiveness, frequent touch points, and flexibility and speed in adapting the product. Medigate customers overwhelmingly point to integration as the leading factor in their purchase decision, something that is not the case for other vendors. Medigate's integration with key security solutions enables customers to create and enforce security policies, exchange critical information, and quickly secure at-risk devices. Customers also highlight a knowledgeable, energetic staff that is hands on in addressing customer needs. Medigate's integration capabilities, however, are not enough for some healthcare organizations; nearly half of those who considered but did not select Medigate felt the vendor was not ready to cover all devices (i.e., non-medical devices) at the time their
decision was made.

Lack of Healthcare Reference Sites Keeps Some Organizations from Choosing Broad IoT Vendor Armis

reasons vendors were not selected all vendors combined

Cross-industry Armis is less considered than the mindshare leaders. Key factors mentioned by the few interviewed provider organizations that selected Armis include cost, partnership, and broad IoT capabilities. Organizations that did not select Armis cite concerns about product maturity and a lack of healthcare reference sites. Looking for creative ways to manage IoMT security, organizations also considered a slew of other cross-industry vendors who were ultimately deemed to lack the needed core capabilities or healthcare depth. A handful considered Forescout Technologies but decided the NAC functionality didn’t meet their core device-discovery/asset-management needs. Other vendors considered but not chosen include Aruba, Cisco, Conventus, Forcepoint, Fortified Health Security, Glassbeam, KPI Digital, LogRhythm, MedCrypt, Observable Networks, Qualys, Securolytics, Securonix, Splunk, and WootCloud.

reasons vendors were not selected by vendor

Considerations of New Vendors Asimily and Cynerio Accompanied by Company Maturity Questions

Though the IoMT market as a whole is still nascent, some prospective customers report concern about Asimily’s and Cynerio’s lack of early market share. However, considerations of these healthcare-focused vendors are on the rise. Asimily’s early customers include large, multihospital IDNs who chose the vendor due to accurate device inventories and strong risk assessment and stratification abilities. Early Cynerio customers (who are typically standalone hospitals) recognize that the product is still being developed and selected Cynerio because of the solution’s easy-to-use interface and strong technology base. New healthcare-focused entrants Culinda and MediTechSafe offer the same core device-discovery and asset-management capabilities as some of the mindshare leaders. They have yet to gain significant traction but are receiving some initial consideration.

Great Bay Software and Virta Labs Seen as Slow Movers
in Fast-Paced Market

Neither Great Bay Software nor Virta Labs are top of mind for healthcare organizations’ IoMT needs. KLAS validated no recent contracts for either solution. Great Bay Software, a cross-industry IoT vendor with NAC roots, was considered a handful of times but ultimately lost deals because their tool didn’t meet core discovery needs or was deemed too resource intensive. Healthcare-focused Virta Labs also received a handful of considerations, but a high price tag and immature product, which organizations saw as misaligned with their core needs, led organizations to select other solutions.

relative market share estimates contracted customers

IoMT Services Market Immature, Despite Flurry of Partnerships; Optiv Most Mentioned

Near the end of 2018, many IoMT vendors and security services firms announced partnerships intended to augment IoMT software offerings and fill gaps in support, guidance, and even day-to-day product management. Almost half of interviewed provider organizations have engaged a services firm to help with their medical device security needs. They report using a wide variety of firms; of the 22 mentioned, only Optiv, Deloitte, Fortified Health Security, and Meditology Services were mentioned more than once. All were engaged for vendor selection as well as the following: Optiv helped customers understand the IoMT market and complete the RFP process; Deloitte performed a medical device risk assessment and translated IoMT needs into business terms for senior leadership; Fortified Health Security customers leveraged existing relationships with the vendor to get help testing integration and implementing and optimizing their IoMT solution; Meditology Services helped with medical device risk assessment and road-map development.

validated service firm usage
significant services firm partnerships by iomt vendor

Top-Considered Vendors—At a Glancetop considered vendors at a glance key

Includes only those vendors who were considered by three or more interviewed organizations

armis asimily cybermdx cynerio forescout technologies
great bay software medigate ordr virta labs zingbox
author - Elizabeth Pew
Elizabeth Pew
author - Madison Moniz
Madison Moniz
author - Robert Ellis
Project Manager
Robert Ellis
 Download Report Brief  Download Full Report

This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2024 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.

Related Segments