CIO Bulletin

CyberMDX: An IoT security leader dedicated to protecting the delivery of quality healthcare worldwide

The Internet of Things is about to significantly transform the healthcare industry. Just a decade ago we could only dream about remote patient monitoring and smart health management, now we are witnessing a widespread integration of connected medical devices, IoT healthcare sensors, IoT-enabled analytics platforms, and medical applications. We recommend CyberMDX, who is one among the distinguished companies utilizing Internet of Medical Things (IoMT), to the fullest.

CyberMDX, a Forescout Company, builds an accurate inventory of a healthcare delivery organization’s (HDO) device fleet and provides a single place to view and prioritize all device groups. Utilizing the company’s unique Device Centric Risk Management (DCRM) approach, CyberMDX layers security around the network at the device level and helps HDOs prioritize and mitigate the threats present within their networks based on the level of severity and criticality to the organization. The company researches, tracks, alerts, validates, analyzes, and helps healthcare organizations with their compliance issues.

CyberMDX protects the devices that healthcare delivery organizations like yours count on every day to keep people well and alive. You can’t deliver quality care when your means to provide that care is compromised.

Let’s understand in depth about CyberMDX while in conversation with Azi Cohen, CEO

Q. Why do you think medical device security is necessary for quality care delivery?

It’s actually less about what we think anymore. Two recent studies of hospital attacks and IT and clinical staff attitudes tell us it’s necessary and outline why. The CyberPeace institute found that almost half (47%) of the 122 cyber-attacks they measured over a 6 month period caused either a patient redirect to another hospital or cancellation of appointments. Another study by Ipsos that was commissioned by CyberMDX and our partner Philips, found that most US hospitals were largely unprotected from major known vulnerabilities. Notably, 64% were unprotected from WannaCry and that number grew to 75% for NotPetya.

While the primary concern for healthcare delivery organizations (HDOs) is, and should be, providing lifesaving care, with the rise of cyber attacks against hospitals and HDOs overall, quality patient care and cybersecurity are becoming inseparable. In most industries, the largest concern is the breach and theft of customer data and the fallout from those situations. In healthcare we’re seeing that the same risks hold true, but there is a much worse scenario that makes the stake far higher. With the rise of connected medical devices, healthcare faces a reality where hackers can use the vulnerabilities to directly affect the function of infusion pumps, anesthesia machines and many other critical devices, impacting patient safety.

Q. Since your platform is unified, how do you assure security for your customers?

Our approach to assuring security starts with being device-centric. We created a layered approach to cyber security that protects each device, driving remediation and mitigation directly on medical and IoT assets. We call this DCRM or “Device-Centric Risk Management”. Fundamental questions drive the risk management process and many hospitals struggle with how to field them. They can get visibility to devices from many vendors but then what? How does that help them with what they actually need to do? For example - What vulnerabilities affect an asset? What is the severity? What are the factors that could impact patient safety or other business objectives?

First you need to consider your on-device remediation options – including patching or applying configuration changes, and understanding what the expected risk reduction is in each case.

CyberMDX technology enables the collection and analysis of meaningful data to provide answers to these questions and drive decisions and actions towards fixing these issues. Our DCRM approach also includes kickoff workflows and security orchestration to help HDOs effectively manage the risks and assure security.

Q. How has partnership served right for your success?

Partners are essential to success. We are no different from any other organization in that respect. We rely on them to help us serve customers more effectively through technology integrations, complementary solutions, or simply for reach/distribution. One of our partners was also an investor and through our solution is able to further reduce risk for their risk management solution. Another made us the center of their services offer and another saw us as so strategic to their go-to-market, they decided to acquire us. Clearly, partners have played more than just a key role to our success.

Shed light on Healthcare Security Suite.

The CyberMDX Healthcare Security Suite provides HDOs a single place to view and prioritize all device groups. Our solution helps healthcare organizations mitigate or remediate security risks by empowering their teams to simulate different actions and see the risk reduction impact of each action. This enables faster response — and with fewer required hands. Additionally, we research, track, alert, validate, analyze, and help organizations with compliance. Our unique approach eliminates the need to re-architect existing networks because we believe it’s about layering protection around medical and IoT devices.

Explicate the differentiation between solutions by role and by challenge.

Our approach is to relate to buyers and their respective journeys. When visitors come to our website their mindset varies. Some know our product and want something specific so we make sure they can go directly to the product they want very easily. Similarly, buyers can come to our site because they have a specific pain point. Whether it’s a concern about patient safety or how to stay compliant or utilize their medical devices more efficiently, we want to address that challenge head on and show them how we can help. That said, some buyers come to our site wanting to learn how we can help them to do their job better. That’s where we provide context based on someone’s role or job function. Whether you are a biomedical engineer or someone in IT Security, we want to be able to clearly outline how CyberMDX can do that.

Q. How is DCRM unique?

Unlike other solutions which primarily focus on security from a network centric approach, Device Centric Risk Management (DCRM) is focused on creating layers of protection around each device that work together to remediate, mitigate or prevent cyber risks. The solution offers a prioritized list of asset groups and recommended actions to remediate or mitigate the risks associated with these assets on three distinct protection layers: on-device, on-network, on-perimeter.

Q. What is CyberMDX’s next step in cybersecurity?

The acquisition of CyberMDX by Forescout gives us an amazing set of next steps. Firstly, Healthcare providers now have access to a much wider range of capabilities and we are anxious to both work with them on enabling that as well as innovate for the future. Conversely, there are some CyberMDX product capabilities that can now be leveraged cross-industry and Forescout will be able to bring those to market.

Meet the pre-eminent personality

Azi Cohen is a serial entrepreneur with 25 years of information technology and active angel investor experience both as CEO and founder. Before joining CyberMDX, Azi was the co-Founder & SVP Global Sales for WhiteSource, a global leader in open source security software. At WhiteSource, Azi successfully built the business to a customer base that now exceeds 1,000 clients worldwide.

Other positions that Azi has held include various board advisor roles, as well as CEO and Co-founder of Eurekify, a leading provider of Governance, Risk and Compliance solutions which was eventually acquired by CA Technologies in 2008. Azi is a former captain in the Israeli Defense Force and also a featured speaker in numerous conferences and forums, including a Tedx Talk in 2017 on the future of cyber security.