

Healthcare IoT Security 2023
An Update on Vendor Performance and Deep Adopter Utilization
Healthcare organizations are connecting more and more devices to their networks to enable seamless communication and enhance patient care, but the increase in devices also increases security risks that can expose important data and jeopardize patient safety. Many organizations use IoT security solutions to gain visibility into potential vulnerabilities, and some are engaging with their vendors to tackle broader cybersecurity strategies. To provide insights into the competitive healthcare IoT security market, this report looks at vendor performance amid recent mergers/acquisitions as well as early insights into how vendors meet the needs of deep adopters.
Medigate Maintains High Customer Satisfaction Post-Acquisition; Palo Alto Networks Customers Note Continued Integration Challenges
Regardless of vendor, most customers are satisfied with their healthcare IoT security solution, but the performance gaps between vendors have widened over time. Medigate, the 2023 Best in KLAS winner for Healthcare IoT Security, was acquired by Claroty in 2022 and has maintained high customer satisfaction over the years. Customers continue to report high levels of vendor engagement and partnership; they also state the solution is easy to use and flexible and has broad integration capabilities. Some respondents mention they are looking forward to the non–medical device capabilities (e.g., OT visibility) the Claroty acquisition will bring. Palo Alto Networks—who acquired Zingbox in 2019—has broad, cross-industry cybersecurity experience, and a few respondents are using or considering adopting the vendor’s non-IoT cybersecurity offerings (e.g., firewalls). Reported challenges include the integration needing improvement and slow problem resolution due to the vendor’s size. Legacy Zingbox customers note that while the product has not changed since the acquisition, their satisfaction has declined over time due to a misaligned vision with Palo Alto Networks and the support team’s lack of Zingbox experience. Non-Zingbox customers report higher satisfaction, citing good communication with the vendor.
What about CloudWave (Sensato Cybersecurity Solutions)?
In 2022, CloudWave acquired Sensato Cybersecurity Solutions, which specializes in providing software solutions as well as services to provider organizations (mainly rural, community, and specialty organizations). The limited number of customer respondents say the vendor’s unique offering and focus helps them manage security risks while alleviating staffing burdens. While all respondents are satisfied with the vendor, a few longtime customers note a decrease in response and resolution times pre-acquisition due to fast growth, causing staff to be overloaded and new employees to be insufficiently trained. A couple of respondents also want more visibility into the data the vendor monitors for them.
Customers See Medigate & Cynerio (Limited Data) as Easy to Use; Non-Cybersecurity Users of Ordr & Asimily (Limited Data) May Need More Hands-On Training
Medigate customers find the usability of the solution to be straightforward and intuitive. One respondent says the system interface doesn’t heavily use technical terms, enabling people of various backgrounds to easily understand the solution. A couple of customers mention having difficulty generating reports due to the number of steps. Cynerio users (limited data) likewise find the solution easy to navigate. A few respondents feel that there is no need for training, and others appreciate that the vendor provides terminology education and instructions for problem-solving. Some note that the solution needs improved integration capabilities and additional features. Ordr respondents highlight that the vendor has recently worked to increase integration capabilities with medical devices and other systems (e.g., ServiceNow, other security programs). The vendor offers a Masterclass training series, which customers say is helpful but can be challenging for non-cybersecurity users (e.g., biomed staff); they also note that due to the series’ self-guided nature, the amount of knowledge gained can vary by user. Some respondents want Ordr to be more involved in training, especially after go-live, to increase user buy-in. Customers of Asimily (limited data) appreciate the good vendor relationship, citing that Asimily listens to their needs and has healthcare cybersecurity expertise. Several users highlight how the system recommends solutions for the potential risks it identifies. Respondents state that non-cybersecurity users starting to use the system may need more time to become familiar with it; additionally, some request step-by-step training and more-frequently updated user manuals for upgrades.
AN EARLY LOOK AT DEEP ADOPTER UTILIZATION
Cross-Industry Vendors Armis & Ordr Meeting Healthcare Needs; Most Vendors Deliver Well and Regularly Communicate Vision to Clients
Historically, provider organizations have shared that cross-industry vendors are less likely to have needed healthcare expertise, but feedback from deep adopters of cross-industry vendors Armis and Ordr shows that both meet healthcare-specific needs (e.g., asset management and medical device utilization). Over half of interviewed Armis customers are larger organizations (500+ beds), but the customer experience is consistent regardless of size; deep adopters report the vendor has improved the product over time even while experiencing fast growth. While multiple deep adopters note the vendor provides a learning portal, they would like more direct help with the Armis Standard Query tool (which can be challenging for new users). Ordr deep adopters, who vary in organization size (200–1,000+ beds), say the solution can be utilized across departments, enabling them to work together through the Persona feature. One deep adopter also highlights that recent upgrades include automated segmentation. Respondents appreciate that the vendor continues to improve the UI and add more integration capabilities to the road map. Interviewed deep adopters of Asimily would like the solution to automatically update device information once risks have been addressed, describing the current process as manual and cumbersome.
Across most vendors, deep adopters report receiving good communication via regular calls or meetings and that they can engage their vendors for things beyond IoT visibility. One Medigate deep adopter cites that the vendor shares knowledge and experience from other customers. A few deep adopters highlight how Cynerio categorizes recommendations by department (e.g., IT, biomed, senior leadership), enabling all needed parties to work together effectively. One Palo Alto Networks deep adopter reports heavily investing in the vendor’s security stack to gain broader security coverage. In general, customers want the vendor to provide more proactive outreach, noting that it is difficult to gain the large cross-industry vendor’s attention quickly.
Vendor Bottom Lines
Fully Rated Vendors
Vendors ordered alphabetically
Armis (Cross-industry)
Cross-industry Armis has seen fast growth and meets customer healthcare needs via (1) integration and (2) help with asset management and medical device utilization. Customers appreciate the convenience of the training portal; a couple note that Armis Standard Query can be challenging and want more vendor guidance. Some respondents feel the UI could be more intuitive.
“We have become sensitive to and aware of the hazards surrounding cybersecurity and the risk of penetration of personal health information via different medical devices and applications. The Armis application is robust and can see all network-connected devices. It is really incredible to see the amount of horsepower that the Armis platform brings to the table for us. The product really is a great tool.” —Director
“The ease of use within Armis IoT Solutions is basically on par with other tools. It is not easy to use straight out of the box. It took a lot of customization on our part.” —Director
Medigate by Claroty (Healthcare-specific)
Multiyear Best in KLAS winner Medigate is seen as having strong customer relationships. Some respondents say they didn’t notice the Claroty acquisition because it was so smooth. Overall, users feel the system is intuitive and easy to use; a couple of respondents mention integration gaps and want more flexibility with reports.
“Medigate was recently acquired by Claroty, and that has been fine so far. I have worked with other vendors in the past that were acquired and changed in ways that soured our relationships with them. That has not been the case with Claroty. In fact, Claroty has leaned into maintaining positive relationships with existing Medigate customers. Claroty is guiding their road map to be more in line with Medigate’s technology than we expected.” —CISO
“A lot of solutions have the ability to create custom reports. That takes a lot of steps in the Medigate solution, and those steps are not granular. The system has a lot of disconnects. We can’t save custom reports in the system, and it takes too many clicks to manage report screens.” —Manager
Ordr (Cross-industry)
Vendor is noted for providing strong integration with devices and security systems and is in the process of building broader integration capabilities. Customers enjoy the Persona feature that enables collaboration with multiple teams. Respondents note new users may need more hands-on system training. Some also report staffing shortage challenges, citing turnover with trainers and slow responses from the support team.
“Meeting our IoT security needs is a pretty big thing, but Ordr Platform helps us manage our other security as well as validation with our other security systems. When we find some sort of vulnerability, Ordr comes up with a solution for monitoring that type of traffic on top of our other security. They are a great partner in layered security. Recently, Ordr integrated their system with one of our partners’ systems, and that integration allows us to do segmentation in a much more automated fashion than we would have been able to do in the past. While that is a requirement for more than just IoT security, it is a value add that was a panacea for a long time and is now a reality. Without Ordr Platform, we would have a huge gap in our visibility. It has been a great product for us.” —CIO
“We don’t usually use the phone support from Ordr because we can’t talk to a live person right away; the vendor calls us back. We typically use the vendor’s web support. It is easy to enter a ticket, but communication on the tickets can be lacking. We have to follow up on tickets, and the vendor is reactive. The vendor claims they are monitoring their hardware and various things, but it still seems like we are the ones having to open tickets or follow up on tickets. That has been a struggle.” —Analyst
Palo Alto Networks (Cross-industry)
Cross-industry vendor with wide cybersecurity offerings. Acquired Zingbox in 2019; interviewed Zingbox customers note the product hasn’t changed but are less satisfied with support and communication. Non-Zingbox customers report better experiences with the vendor. Overall, customers want to see an improved vendor relationship, more proactive communication about product development, more responsive support, and more integration (though they note vendor has been working on this).
“The product is a good fit for us because we have other Palo Alto Networks products. The data that is captured by the product is usable by other Palo Alto Networks products, and that was the vendor’s goal. The integration is a bonus to us and ties in well for an organization that has traffic between their servers. There aren’t a lot of companies that have that kind of integration. As an example, there is a certain number of CT scan machines, and the product should understand who the vendor is and be able to build a group. The system should also help me understand a room I could build to ensure that there is only necessary traffic. I only want the system to communicate to the vendor in question and not to everything else on the internet. The logic is great, and we are looking to take advantage of it. From a biomedical standpoint, we get information that we wouldn’t even know about from a security standpoint, such as whether a CT machine has a vulnerability.” —Manager
“We know that there are more devices out there than the system can discover. The system needs an expansion on its hardware side. Palo Alto Networks is adding appliances, but those appliances are pretty much internal firewalls, and they have way more than what we need. The vendor is going in a different direction than we want to go in, so we are exploring our options.” —Analyst
Limited Data Vendors
Vendors ordered alphabetically
Asimily (Healthcare-specific)
All interviewed Asimily customers are satisfied, citing the vendor’s good customer relationships, healthcare IoT expertise, and willingness to listen to and work with customers. Some respondents report that the system can’t automatically identify when vulnerabilities have been resolved and that users have to manually resolve them.
“The things that drew me to the product were the level of attention to detail from Asimily’s support team, the vendor’s expertise and focus on healthcare use cases, and the level of integration the product had with many of the other tools that we were using. Asimily has a lot of thought leaders that have published books on the topic of security, and they are very knowledgeable about cybersecurity within healthcare, especially around medical devices and IoT devices. Asimily has people on staff that have been in my shoes and have operational experience within large healthcare institutions. That has been instrumental because I know they are not just giving me theoretical feedback on processes and how to get traction with the program. They have real-life experience.” —Director
“When a vulnerability is identified and then addressed in the Asimily solution, we have to manually go into the system and say the vulnerability has been addressed because we don’t have the connectivity. We have to tell the CMMS that we addressed the issue, and then we have to go over to the Asimily solution and update it there too. I am hoping for some interfacing to connect those two systems because if we have thousands of issues to input into the system, we are going to be doing that process several times.” —Director
CloudWave (Sensato Cybersecurity Solutions) (Healthcare-specific)
CloudWave recently acquired Sensato Cybersecurity Solutions, which is known for providing IoT software and managed services to smaller hospitals, particularly critical access hospitals. All respondents are satisfied, though some note growing pains, like a lack of resources. A few interviewed customers want visibility into the data the vendor monitors.
“Sensato Cybersecurity Solutions provides a unique service for critical access hospitals. The vendor’s medical device monitoring is especially unique. I didn’t see anything for medical devices from the other vendors. I have looked at a few other vendors that didn’t monitor medical devices as much as Sensato Cybersecurity Solutions does. The best thing is that Sensato Cybersecurity Solutions keeps an eye on our network 24/7. Other vendors would give us the software, and then we would have to worry about not only getting the alerts but also mitigating the alerts ourselves. Sensato Cybersecurity Solutions actually tells us what we need to do. If we need assistance, they are always willing to help us.” —CIO
“Sensato Cybersecurity Solutions has some scaling to do. They need to get a little better at problem resolution. Finding good people to work in security is so hard today because everybody wants to hire security professionals. There is nobody around, so it is hard to get the staff that is needed to scale up a company like Sensato Cybersecurity Solutions. I know Sensato Cybersecurity Solutions was signing up a lot of clients, so hopefully, they will meet that challenge. If they do meet that challenge, I will be satisfied overall, but most vendors we have today are understaffed.” —CIO
Cynerio (Healthcare-specific)
Customers report having a strong relationship with Cynerio due to high support quality and close executive communication. Product is seen as intuitive and easy to navigate; some users want more integration and features (e.g., user mode, ability to make suggestions for firewall rules, better dashboard).
“One reason we went with Cynerio is their willingness to partner with us above and beyond our contract language. For example, they go above and beyond in keeping their software current and developed. They are working with our teams to help us get better. They are providing us with training and customized services. Cynerio has stepped up to the plate for anything that we have needed from them, and they have not charged us additional dollars for it. They are doing this work as value added for the customer. Because of that, we have been able to address some of the concerns that we have had in relation to cybersecurity.” —Director
“We can’t specify date ranges in the dashboards for Cynerio IoMT Solutions, and that is not helpful when we need to report to our executives and show them that we are making progress. We need to be able to demonstrate metrics to our leaders. We need to show them that while hiring an additional person was costly, we are getting benefits and producing provable results.” —Manager
About This Report
Each year, KLAS interviews thousands of healthcare professionals about the IT solutions and services their organizations use. For this report, interviews were conducted over the last 18 months using KLAS’ standard quantitative evaluation for healthcare software, which is composed of 16 numeric ratings questions and 4 yes/no questions, all weighted equally. Combined, the ratings for these questions make up the overall performance score, which is measured on a 100-point scale. The questions are organized into six customer experience pillars—culture, loyalty, operations, product, relationship, and value.
To supplement the customer satisfaction data gathered with the standard evaluation, KLAS also asked deep-adopter customers the following questions specific to healthcare IoT security:
- How well does your vendor meet your healthcare-specific needs for IoT?
- How well does your vendor communicate their future road map/vision?
- In what other ways beyond IoT security (additional services, other security solutions, etc.) does your vendor support your enterprise security needs/strategies?
Sample Sizes
Unless otherwise noted, sample sizes displayed throughout this report (e.g., n=16) represent the total number of unique customer organizations interviewed for a given vendor or solution. However, it should be noted that to allow for the representation of differing perspectives within any one customer organization, samples may include surveys from different individuals at the same organization. The table below shows the total number of unique organizations interviewed for each vendor or solution as well as the total number of individual respondents.
Some respondents choose not to answer particular questions, meaning the sample size for any given vendor or solution can change from question to question. When the number of unique organization responses for a particular question is less than 15, the score for that question is marked with an asterisk (*) or otherwise designated as “limited data.” If the sample size is less than 6, no score is shown. Note that when a vendor has a low number of reporting sites, the possibility exists for KLAS scores to change significantly as new surveys are collected.
Writer
Natalie Hopkins

Designer
Breanne Hunter

Project Manager
Andrew Wright
This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2025 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.