‍Securing the Clinical Network: How U.S. Hospitals Are Adopting IoMT Cybersecurity Platforms Under Regulatory Pressure‍

Executive Summary

Network-connected medical devices and clinical IoT (Internet of Things) systems are now integral to patient care, but they introduce significant cybersecurity risks. In response, U.S. hospitals are gradually adopting specialized network security platforms (often termed Healthcare IoT or IoMT security solutions) to monitor and protect these devices. Adoption remains nascent but growing – only about 41% of healthcare organizations have implemented dedicated medical device security measures, compared to 94% that have basic email security protections[1]. Industry analysts project the medical device security market to expand at ~12% annually through 2028[2], fueled by rising threat awareness and new regulatory requirements. Major U.S. health systems have led the way: for example, Claroty’s healthcare security platform (Medigate) now protects over 2,000 hospitals and clinics worldwide[3], giving it the largest footprint in this emerging sector. However, many smaller hospitals still lack these tools, underscoring a significant gap in security coverage.

Regulatory compliance is a key driver behind this trend. Regulators and industry bodies have sharpened their focus on device cybersecurity as a component of patient safety and data protection. Under HIPAA, hospitals must include networked devices in risk assessments to safeguard electronic protected health information (ePHI)[4]. The HHS 405(d) task force’s Health Industry Cybersecurity Practices (HICP) guidance explicitly lists “Connected Medical Devices” as one of the top five cyber threats to healthcare and recommends measures like continuous network monitoring, segmentation, and asset management to mitigate this risk[5][6]. Meanwhile, the FDA has introduced stringent cybersecurity expectations for medical device manufacturers: as of March 2023, new device submissions must include cybersecurity plans addressing vulnerabilities (per Section 524B of the FD&C Act)[7], and manufacturers are expected to provide ongoing software bill of materials (SBOMs), patches, and incident response support post-market[8]. These regulatory pressures on both providers and manufacturers are accelerating hospital adoption of network security platforms to ensure compliance with HIPAA, HICP best practices, and FDA guidelines for device safety. In short, hospital executives are increasingly recognizing that strong medical device security is not only good practice but is becoming de facto required to meet evolving compliance standards and to secure patient trust.

Vendor landscape and capabilities: A range of cybersecurity companies have developed solutions tailored to clinical environments. Leading platforms – including Claroty (Medigate), Nozomi Networks, Medigate by Claroty (Claroty’s healthcare division after acquiring Medigate), Cynerio (now part of Axonius), Ordr, Armis, Forescout, and others – offer broadly similar core capabilities with some variations in focus. Analysts identify vendors like Armis, Claroty, Cynerio, Forescout, and Ordr as among the top technology leaders in connected medical device security, providing comprehensive visibility, risk scoring, and threat protection for IoMT assets[9]. Generally, these platforms deliver:

• Asset discovery & monitoring: Passive network scanning to automatically identify all medical and IoT devices on hospital networks, creating a real-time inventory with detailed device profiles (make/model, OS, firmware, location, network behavior). This addresses a major blind spot – connected medical devices can comprise as much as 74% of endpoints on a hospital’s network[10], yet historically were poorly tracked. By using passive monitoring (SPAN ports or network taps) instead of active probing, these tools avoid disrupting sensitive devices. One hospital CISO noted that Medigate’s passive data capture gave “visibility into our medical devices that didn’t previously exist” without the risks of traditional vulnerability scanners, which “is just not a smart thing to do when humans are potentially connected” to those devices[11]. HICP guidelines echo this caution: vulnerability scans on operational medical devices should only be done in controlled conditions (e.g. offline or test environments) due to potential patient safety impacts[6] – reinforcing the need for these specialized passive monitoring solutions.
• Risk & vulnerability management: The platforms continuously assess device risks by identifying known vulnerabilities (e.g. outdated OS or firmware, default passwords, open ports) and mapping them to each device. Advanced solutions provide a “risk score” per device and flag critical vulnerabilities, sometimes correlating with threat intelligence or FDA alerts. They help implement vulnerability management programs in line with FDA postmarket guidance and HICP best practices. For example, the Claroty/Siemens Healthineers partnership leverages Medigate’s data to maintain up-to-date inventories and vulnerability reports, enabling efficient remediation plans[12][13]. These tools can also track manufacturer recalls or ICS-CERT advisories and suggest compensating controls (like virtual patching or network segmentation) until fixes are applied. This capability is crucial for compliance with new FDA requirements and to support hospital biomedical teams in managing legacy devices that can’t easily be patched.
• Threat detection & response: Most platforms include Network Detection and Response (NDR) engines tuned for clinical networks. They use machine learning and deep packet inspection to baseline normal device behavior (e.g. typical communication patterns for an MRI machine) and detect anomalies or malicious traffic (such as a ransomware beacon or a device suddenly communicating with an unfamiliar external IP). When suspicious behavior is detected, the system generates real-time alerts for security teams. Increasingly, vendors emphasize actionable insights over raw alerts – a trend noted in the latest KLAS research. Hospitals now evaluate IoT security vendors on measurable outcomes like faster risk remediation and actionable alerts, rather than just asset discovery features[14][15]. Strong integration with existing security operations tools is key: for instance, hooking into SIEMs for log correlation, or into incident response workflows. KLAS analysts report that buyers consider tight integration with SIEM, Security Orchestration (SOAR), NAC, CMMS (maintenance systems), and ticketing (ServiceNow) essential so that IoMT alerts can be quickly operationalized[15]. When integration is weak, hospitals face alert fatigue and slow responses; when done well, these platforms can automatically trigger network isolation of a compromised device or create service tickets for remediation, greatly speeding containment[14][15].
• Network segmentation & zero trust controls: Another hallmark capability is facilitating microsegmentation of medical devices. These platforms often integrate with network access control (NAC) systems or firewalls to enforce granular network policies. For example, solutions like Claroty and Ordr feed device context into Cisco ISE or other NAC tools to dynamically segment or quarantine devices that exhibit threats[16]. Segmentation ensures that even if a device is compromised, it cannot freely communicate across the hospital network. In one case, Mount Sinai Health System implemented an integrated Claroty xDome + Cisco solution to achieve policy-based segmentation of new or unknown devices, greatly reducing lateral movement risk[16]. Industry frameworks (NIST and HICP) strongly endorse network segmentation for medical devices as part of a Zero Trust Architecture, limiting each device’s communication only to what is necessary for its function[17]. By using these platforms’ visibility and policy tools, hospitals can isolate high-risk legacy devices or create “medical VLANs” without guessing at device traffic needs – the platform’s analysis informs what to safely allow or block.
• Operational analytics & integrations: Many solutions also provide analytics that benefit clinical engineering and operations. For instance, they can report device utilization rates, flag under-used equipment (supporting capital planning), or identify devices not connected in months (which might be decommissioned). They often integrate with CMMS databases (like Nuvolo, ServiceNow, etc.) to reconcile inventory and streamline maintenance workflows[18]. Some have APIs to EHR or patient monitoring systems to correlate device events with clinical context. Vendors differentiate in these areas: Medigate by Claroty has been praised for easy integration and flexibility in meeting healthcare-specific needs[19], including tying into hospital asset management systems. Cynerio, branding its solution as “NDR-H” (NDR for Healthcare), emphasizes clinical context awareness – understanding how a device’s behavior might impact patient care – and provides automated threat mitigation tailored to healthcare workflows[20]. Ordr and Armis leverage their broad IoT background to cover not just medical devices but also other enterprise IoT (security cameras, printers, building systems) in a single platform, which some hospitals value for consolidated visibility[21]. Each vendor’s approach varies slightly, but the trend is towards unified platforms that can serve IT security, biomedical/HTM, and even operations teams with a single source of truth about connected device health and security.

Major vendors and industry partnerships: The competitive field for clinical network security is maturing, with several key players partnering with larger ecosystem vendors:

• Claroty (Medigate) – Originally an industrial OT security company, Claroty acquired Medigate (a healthcare IoT security specialist) in 2022. The combined offering, now often called Claroty xDome for Healthcare, has earned the “Best in KLAS” award for Healthcare IoT Security five years running[22]. Claroty/Medigate is known for deep medical device profiling and high customer satisfaction (95.4 rating)[22]. It reports protecting 20+ million IoT/IoMT devices across over 2,000 healthcare facilities worldwide[23] – likely the largest deployment base. Claroty has strategic partnerships with firms like Siemens Healthineers (which offers Claroty’s solution with its managed services under the “ActSafe” program) and with Cisco for network integration[12][24]. These alliances allow Claroty to deliver end-to-end solutions: Siemens provides 24/7 managed monitoring alongside Claroty’s software[12], and the Cisco integration enables automated policy enforcement on hospital networks (as seen at Mount Sinai)[16]. Such partnerships underscore Claroty’s approach to embed into existing hospital infrastructure and support resources.
• Cynerio (now Axonius) – An Israel-based startup focused on medical device security, Cynerio has consistently ranked just behind Claroty in KLAS scores (94/100 in 2025)[25]. Cynerio’s platform offers real-time attack detection and automated response (“NDR-H”) built specifically for clinical environments[20]. It touts strong ease-of-use and customer support. In late 2023, Axonius, a cyber asset management company, acquired Cynerio[26] – signaling a trend of platform convergence (asset management + IoT security). This could lead to tighter integration of device security with broader IT asset visibility. Cynerio has partnered with network equipment makers (e.g. Keysight for network visibility[27]) and emphasizes quick time-to-value for stretched hospital IT teams. Customer testimonials report that Cynerio’s system stopped malware outbreaks and paid for itself by preventing costly downtime: “We haven’t had any cyberattacks penetrate our network since we got the system… we pay a fraction of the cost of one event per year for the service” according to one hospital security director[28]. Another hospital leader noted the platform identified outdated OS and even detected malware on equipment that had been invisible before, greatly improving risk management and justification for device upgrades[29].
• Nozomi Networks – A leading OT security vendor widely used in industrial sectors, Nozomi has also been deployed in healthcare (particularly for facilities/operational technology like HVAC, and for medical device network monitoring). Nozomi’s Guardian platform provides network anomaly detection and asset inventory similar to others, though it historically focused on critical infrastructure. It integrates with various hospital networks and can monitor medical VLANs for threats. Nozomi often partners with large system integrators and network vendors (e.g. Cisco, Fortinet) to deliver solutions. While Nozomi is not tailored exclusively to clinical workflows, some hospitals have leveraged its strong threat detection capabilities and ICS heritage to protect biomedical devices as part of enterprise OT security programs. For instance, Nozomi’s ability to detect known exploits and its visualization of network traffic can complement medical device management, though healthcare-specific device fingerprints may not be as rich as those of Medigate or Cynerio. Nozomi’s presence in healthcare is smaller than the pure-play healthcare IoT vendors – it wasn’t highlighted in the KLAS IoT Security category – but it remains a notable competitor for hospitals seeking proven OT security tech that spans both building systems and clinical devices.
• Ordr – Ordr is a U.S.-based company focusing on “connected device security” across industries, with a strong footprint in healthcare. Ordr’s platform excels in automatic device classification and policy enforcement. It integrates deeply with network infrastructure (Cisco, Aruba, Palo Alto Networks, etc.), enabling hospitals to implement microsegmentation and network access control based on Ordr’s device insights. Customers often praise Ordr’s ability to simplify segmentation: one CIO said the Ordr platform “helps us manage our other security… without Ordr we would have a huge gap in our visibility”[21]. Ordr has positioned itself as an enterprise-wide solution (covering IoMT, IoT, and even traditional IT devices) which can break down the silos between clinical engineering and IT security. Ordr has partnerships with Juniper Networks and leading healthcare system integrators to expand its reach. Its strategy of providing actionable output (e.g. automatically generate firewall rules or VLAN assignments for devices) resonates with resource-limited hospital IT teams who need practical automation. Ordr was also cited by KLAS among notable vendors (alongside Armis and Cynerio) in the IoT security space[30].
• Armis – Originally an IoT security startup, Armis has grown rapidly and is used by several large health systems. Armis offers an agentless, cloud-based platform that discovers and monitors every device on the network (medical or otherwise). It leverages a vast cloud knowledge base of device profiles (built from deployments across many industries) to identify devices and detect anomalous behavior. Armis is often praised for its comprehensive visibility and relatively quick deployment (just deploying network sensors and connecting to their cloud). It has partnerships with major cybersecurity players (e.g. it integrates with CrowdStrike, Splunk, and others for unified incident response). In independent evaluations, Armis has been ranked as a leader (Forrester’s 2021 New Wave report put Armis as a leader[31][32]). Healthcare customers value that Armis can cover IT, IoT, OT, and medical devices in one platform – for example, detecting an IP security camera and an infusion pump with equal clarity. However, like Ordr, Armis is not exclusively healthcare-focused, so it may rely on integration with third-party healthcare databases for full context. Still, its broad approach appeals to healthcare enterprises looking to secure not just patient-monitoring equipment but every smart device (from bedside tablets to building controls) under one umbrella.
• Forescout (with CyberMDX) – Forescout is a long-established network access control (NAC) company that acquired CyberMDX (a medical device security startup) in 2022. The integrated solution marries Forescout’s agentless device detection and policy enforcement with CyberMDX’s healthcare-specific vulnerability knowledge. This gives hospitals strong tools to not only identify devices but also automatically quarantine or restrict them if they misbehave. Forescout’s platform can enforce compliance (e.g. blocking an MRI machine from the network if it’s detected with unapproved software). Industry reports list Forescout among top performers in medical device security[9]. Forescout has deep partnerships in the federal and enterprise space, and now with the CyberMDX infusion, it’s targeting U.S. hospitals (especially large networks that may already use Forescout for NAC). The combined solution is attractive for organizations aiming to unify endpoint and IoT security policies. Forescout’s challenge is ensuring ease-of-use in clinical environments – something the pure-play healthcare startups have tuned well. Nonetheless, its entrance via acquisition signals the consolidation in this market, where broader security vendors recognize the importance of IoMT security in their portfolios.

In summary, while no single vendor yet perfectly meets all healthcare needs in this domain[33][34], the competition is driving rapid innovation. Hospitals shopping for a solution typically consider factors like: depth of healthcare device knowledge (e.g. understanding clinical protocols), integration with existing IT systems, ease of deployment (cloud vs on-premises sensors), and quality of support and services (some offer managed services or partnerships to offload the burden from hospital IT staff). Industry partnerships play a significant role in differentiation: whether it’s integration with EHR/EMR systems, alliances with medical device manufacturers for data sharing (as Claroty does with Siemens Healthineers to get device vulnerability data[13]), or teaming with consulting firms for implementation support. The vendor landscape is evolving, with startups being acquired by larger security firms (Axonius/Cynerio, Forescout/CyberMDX, Palo Alto acquiring Zingbox earlier, etc.), indicating that IoMT security is becoming a standard component of enterprise cybersecurity platforms.

Key Regulatory Drivers for Adoption

Regulatory and compliance factors in the U.S. are a major catalyst for hospitals to adopt network security platforms in clinical settings. Healthcare executives must navigate a complex landscape of rules and guidelines that increasingly call out cybersecurity (including device security) as a patient safety issue. The following are the key drivers:

• HIPAA and HITECH (Patient Data Protection): The Health Insurance Portability and Accountability Act (HIPAA) mandates that healthcare providers protect ePHI across all systems – which by definition includes networked medical devices if they store or transmit patient data. The HIPAA Security Rule requires risk analysis and implementation of safeguards for any system touching ePHI. This has historically focused on EHRs and IT systems, but as devices become connected to networks, they too can expose patient data or serve as entry points for breaches. For example, an infusion pump or vital signs monitor might not hold medical records, but if compromised it could be used to pivot into hospital networks where patient data resides. Ensuring devices use encryption and access controls, or segmenting them from core networks, is part of meeting HIPAA’s general security requirements. One specific challenge noted is determining whether a medical device is handling unencrypted ePHI – many hospitals struggle with this visibility, complicating their ability to include devices in HIPAA risk assessments[4]. In 2021, HITECH (the Health Information Technology for Economic and Clinical Health Act) was amended (via HR 7898) to provide incentives for adopting “recognized cybersecurity practices.” Implementing frameworks like NIST CSF or HICP (discussed below) can serve as a safe harbor in HIPAA enforcement. This effectively rewards hospitals for bolstering cybersecurity (including device security) by potentially mitigating fines after a breach if they followed best practices. Thus, adopting an IoMT security platform can help demonstrate proactive compliance and due diligence in safeguarding patient information.
• HICP (Health Industry Cybersecurity Practices) Guidelines: HICP is a set of best practice guidelines published by a task group convened under the HHS 405(d) program (jointly with the healthcare industry). First released in 2019 and updated in 2023, HICP identifies the top 5 cyber threats in healthcare and corresponding mitigating practices. “Network Connected Medical Devices” is explicitly one of these top threat areas[35]. For medium and large organizations, HICP’s Practice #9 focuses on protecting medical devices, and it aligns with implementing the kind of controls that Claroty, Cynerio, and similar tools offer. Key HICP recommendations include: maintaining an accurate inventory of medical devices (asset management), continuous monitoring of device security posture, network management (segmentation of devices), vulnerability management (prompt patching or risk mitigation), and having an incident response plan for device cyber incidents[5][18]. HICP also discusses integrating device security management with a hospital’s overall cybersecurity program – for instance, tying into the SOC (Security Operations Center) processes and CMMS systems for maintenance[18]. Hospitals are not required by law to implement HICP, but it has become a de facto industry standard. Notably, HICP is one of the “recognized practices” under the HITECH safe harbor. Also, The Joint Commission (which accredits U.S. hospitals) and other bodies reference these best practices. The net effect is soft pressure on hospitals to adopt device security controls. A hospital that ignores HICP guidance (e.g. fails to segment devices or lacks any IoT monitoring) could be seen as negligent if a device-related breach occurs. Executives thus view compliance with HICP’s voluntary guidance as an important risk-reduction and reputation protection measure. Implementing a network security platform greatly simplifies achieving many HICP sub-practices – for example, passive asset discovery tools can automatically generate the required device inventory and even track a metric HICP suggests (the number of devices not conforming to basic security practices)[36].
• FDA Premarket and Postmarket Cybersecurity Requirements: The U.S. Food and Drug Administration regulates medical device manufacturers, and in recent years the FDA has significantly tightened cybersecurity expectations for devices. This indirectly drives healthcare providers to invest in security on their end as well. Two major FDA guidance documents shape this area: the Premarket Cybersecurity Guidance (for device submissions before they go to market) and the Postmarket Cybersecurity Guidance (for keeping devices secure once deployed). In late 2022, Congress passed the Consolidated Appropriations Act which included Section 524B of the FD&C Act – this gave the FDA new authority starting in March 2023 to refuse clearance of devices that don’t meet cybersecurity requirements[7]. Manufacturers now must submit premarket documentation of their device’s cybersecurity features and plans: they need to design in the capability to update and patch devices, provide an SBOM (Software Bill of Materials) upon request, and commit to monitoring vulnerabilities and coordinating disclosure. From a hospital executive’s perspective, this means future devices should be inherently more secure. However, it also means hospitals will be receiving more information (like SBOMs and vulnerability notices) that need to be managed. Network security platforms can help ingest and act on this information – for example, if a vendor alerts that a certain infusion pump model has a new vulnerability, a hospital can use its IoMT security tool to instantly identify all instances of that model on the network and assess their exposure. On the postmarket side, FDA’s guidance (2016, updated draft in 2021) essentially mandates manufacturers to have a process for issuing patches or mitigation for “controlled risk” vulnerabilities within 30–60 days, and to advise providers on interim compensating controls (which often involve network controls). Hospitals that have solutions like Claroty or Forescout can implement those compensating controls (such as isolating a device from the internet or applying a virtual firewall rule) as soon as they learn of a device vulnerability, rather than waiting for a vendor patch. Additionally, FDA and DHS (through CISA) have promoted the idea of collaborative security – encouraging device makers and healthcare delivery organizations to share information. Platforms like those from Claroty facilitate this by sharing data with manufacturers (e.g. in the Siemens-Claroty partnership, aggregated device security data is shared to help Siemens improve device safeguards[13]). The bottom line is that FDA’s heightened scrutiny has raised the cybersecurity bar: hospitals anticipate that during procurement, they will need to demonstrate how they will operationalize the device cybersecurity info provided by manufacturers. An IoMT security platform becomes a tool to meet these expectations, and even to satisfy auditors or regulators that the provider is actively managing device risks in tandem with manufacturers’ efforts.
• Other U.S. initiatives and legal drivers: Beyond HIPAA/HICP/FDA, there are a few additional influences. The Office for Civil Rights (OCR) has been increasingly highlighting cybersecurity in its HIPAA enforcement. The FTC has also penalized companies (including a wireless health device maker in the past) for poor security, which puts pressure on the whole ecosystem to improve. On the government side, the White House 2023 National Cybersecurity Strategy advocates for improving the security of medical devices as critical infrastructure, and legislation like the PATCH Act (proposed) has aimed at requiring better device security (some provisions of which were essentially adopted via the 524B law). Furthermore, the healthcare industry’s coordinating council (HSCC) released a “Joint Security Plan” for medical device security – a voluntary framework to improve collaboration between providers and manufacturers. All these underscore that the regulatory trend is toward stricter cybersecurity accountability. As an example, a new requirement in 2024 from CMS (Centers for Medicare & Medicaid Services) is incorporating cybersecurity into hospital conditions of participation (indirectly via emergency preparedness and risk management standards). While not explicitly mandating an IoT security tool, it compels hospital leadership to address cyber risks in their hazard vulnerability analyses – which inevitably includes devices. Hospitals that invest in robust network security controls will be better positioned to pass audits and maintain accreditation and reimbursement. In summary, U.S. healthcare executives are facing a confluence of regulations and guidelines that make adopting Claroty-like platforms a strategic imperative to ensure compliance and avoid penalties, all while protecting patient safety.

Market Penetration and Adoption in U.S. Hospitals

Adoption of medical/IoT network security platforms in U.S. hospitals is on the rise, but still in early stages relative to the scale of the threat. As of mid-decade, market penetration remains modest – most estimates suggest well under half of hospitals have deployed a dedicated IoMT security solution. Industry benchmarking indicates that only ~41% of healthcare providers have even a basic medical device security program or tool in place, versus near-universal adoption of protections like email security (94%)[1]. This disparity highlights how device security has lagged other IT security domains. It is corroborated by observations that medical device security is often the least mature cybersecurity area for hospitals; one analysis noted it had the lowest adoption rate among key security controls, despite being a high concern[37][1].

That said, the trajectory is sharply upward. Hospitals are increasingly aware of IoT/OT risks due to high-profile cyber incidents. A majority of healthcare CISOs now acknowledge that the likelihood of an IoT/IoMT-facilitated breach is high, and they are seeking solutions. The total addressable market is growing accordingly: a recent Technavio report pegged the global medical device security solutions market at around $2–3 billion in 2023, with a projected CAGR of ~12% through 2028[2]. North America (especially the U.S.) constitutes a large share of this market. This growth is driven by both threat awareness and the compliance drivers described earlier. Another forecast suggests that by 2028 the market will nearly double in size, implying a substantial uptick in adoption among healthcare providers in the next 3–5 years[2]. Analysts note, however, that one challenge to growth is the prevalence of legacy systems in hospitals which “may lack adequate security features, making them vulnerable”[38] – precisely the gap these new platforms aim to fill. The combination of rising attacks (ransomware, etc.) and legacy tech creates a sense of urgency to invest in protective solutions.

In terms of current adoption rates: larger health systems and academic medical centers have been the early adopters. Many of the top 10 health systems in the U.S. have done pilots or deployments of platforms like Medigate, Ordr, or Armis across their hospitals. These organizations often have tens of thousands of networked devices, making manual management impossible – and they have the IT budgets to experiment. Smaller hospitals (critical access hospitals, community facilities) are generally lagging, often due to cost and resource constraints (discussed in the next section on barriers). A 2018 survey already showed that 47% of providers did not have a specific budget for connected device security at that time[39], though that is slowly changing. More recent data reveals hospitals on average still spend only 3.4% of their IT security budget on IoT/IoMT device security (around $5M/year for a large system), which many experts consider inadequate[40][41]. Leading institutions are aiming to increase IoT security investment to ~5–7% of security spend (closer to $7–10M/year for a major health system)[42]. This indicates that boards and CEOs at progressive organizations are starting to fund device security at a level commensurate with the risk.

One concrete indicator of market penetration is the customer counts reported by vendors: For example, Claroty (with Medigate) claims over 1,000 healthcare customers globally (including 2,000+ hospitals and clinics under protection)[3]. A significant portion of those are U.S. hospitals, given Claroty’s strong North American focus – likely including many multi-hospital systems. Cynerio (Axonius) and Ordr each have several hundred hospital customers as well, according to their press statements and funding announcements. Armis has landed some flagship accounts (it’s known that the Mayo Clinic participated in Armis’s funding round, and other large IDNs use Armis). Forescout (with CyberMDX) brought in the install base of that startup, which had dozens of health systems. While exact numbers vary, it’s reasonable to estimate that hundreds of U.S. hospitals (possibly ~20-30% of the market) have a dedicated IoT security platform deployed in at least part of their network, and many more are in evaluation or pilot stages.

Adoption is also reflected in industry surveys on cybersecurity posture. A Ponemon Institute study in 2022 found that 21% of healthcare organizations described their IoT/medical device security efforts as “mature/proactive,” while the rest were still developing or reactive[43]. Similarly, 71% of hospitals acknowledged IoMT devices pose a high risk, but only a minority had taken significant action to mitigate those risks[43]. This gap is closing year by year. In 2025, KLAS Research reported that the conversation has shifted from “Why do we need IoT security?” to “How do we operationalize IoT security effectively?” among healthcare CIOs[14][44]. This suggests that the concept of deploying a Claroty-like platform is now accepted as necessary; the remaining question is selecting the right vendor and integrating it.

Market penetration can also vary by region and type of facility. U.S. federal healthcare facilities (VA hospitals, military health) have also started initiatives for IoT security, potentially adopting enterprise solutions that cover many sites. Pediatric hospitals and some academic centers were among the first movers, due to research collaborations highlighting device vulnerabilities. Meanwhile, small standalone hospitals or rural facilities often rely on their IT service providers or group purchasing organizations, which are beginning to offer IoT security as a managed service (e.g., some regional HIEs or technology service firms now bundle an IoT security monitoring service for member hospitals who can’t staff it themselves). These service-based deployments will further drive penetration into under-resourced hospitals.

In summary, the U.S. hospital market for network security platforms is in a growth phase – transitioning from early adopters to early majority. Roughly a third of hospitals have made notable progress, while the rest are expected to follow suit in the coming few years, spurred by both fear of cyberattacks and mounting regulatory/compliance expectations. The consensus in the industry is that within this decade, having an IoMT security platform (or equivalent capabilities integrated into other security tools) will become as standard as having a firewall or an anti-virus solution in healthcare. Executives are watching their peers in leading health systems demonstrate that these platforms can significantly reduce risk (and even prevent patient harm), which is building a compelling case for widespread adoption.

Barriers to Adoption and Implementation

Despite the clear need and growing availability of solutions, U.S. healthcare organizations face several significant barriers to adopting and fully leveraging network security platforms for clinical environments. Understanding these challenges is crucial for executives planning security investments:

• Budget Constraints and ROI Justification: Cost is often the number one barrier cited by hospital IT leaders. Implementing an IoMT security platform typically involves substantial expense – not just the software/appliances and licenses, but ongoing maintenance, possibly network upgrades, and personnel to manage it. Many hospitals operate on thin margins (the average hospital margin was around 0.4% in 2023[45]), making new IT expenditures challenging. A few years ago, less than half of healthcare providers had any dedicated budget for connected device security[39]. While that is slowly improving, security leaders still struggle to convince the C-suite to allocate funds proportionate to the risk. On average, hospitals currently spend only 3–4% of their IT security budget on securing IoT/medical devices[40], which is insufficient relative to the threat exposure. To get approval for additional spend, CISOs must articulate the ROI in terms executives care about – for example, averting the average $13 million cost of a single IoT-related data breach[46][40], or avoiding patient safety incidents and the liability that would ensue. Another budget aspect is that these platforms often require continuous updates (subscription licenses, support contracts), so leadership has to see it as a necessary operational expense, not a one-time project. Some hospitals try to incorporate these costs into capital equipment budgets (since it protects devices which are capital assets), but accounting practices vary. Competing priorities also play a role – hospitals may be simultaneously investing in EHR upgrades, telehealth, and other initiatives, and cybersecurity for devices can be seen as an “insurance policy” that’s hard to fund until an incident makes the cost of not having it painfully clear. Smaller hospitals especially find the cost prohibitive without external funding or a shared service model. In response, vendors are beginning to offer more flexible pricing (including SaaS models where upfront costs are lower) and helping CISOs build business cases by providing data on how their platform reduces incidents and downtime.
• Organizational Silos between IT and Biomed/Clinical Engineering: Historically, hospital IT departments and biomedical engineering (clinical engineering/HTM) operate separately, with different cultures and priorities. This silo is a well-known hurdle for device security. Biomedical/HTM teams manage and maintain medical devices, focusing on device uptime and patient safety in the clinical sense, while IT security teams focus on network threats and data protection. Deploying a Claroty or Cynerio platform bridges these domains, which can create friction unless there is strong cross-department collaboration. For instance, installing IoT sensors or running network scans might be perceived by biomed as potentially disruptive to device operation, leading to pushback. Conversely, IT folks may not fully grasp the clinical workflow importance of certain devices and may propose network controls that biomed feels could interfere with patient care. The Claroty Team has noted that HDOs often end up with “three siloed groups” – IT security, Biomed, and even the business procurement side – all touching device cybersecurity in disjointed ways[47][48]. Breaking these silos requires change management and education. Some hospitals overcome this by creating joint governance committees (bringing IT security, HTM, and other stakeholders together to oversee medical device security). Others assign a “medical device security lead” who acts as a liaison between departments – 78% of organizations now have a clear owner of device security, often in a dedicated role[49]. The push for convergence is happening, but it’s not easy: each group must learn new concepts (IT staff learning about clinical device lifecycles, and biomed staff learning about cyber threats). Without this, even if a platform is purchased, it might be under-utilized or even deployed incorrectly because one team assumes the other is handling certain tasks. Incentivizing collaboration is key. Executives can mandate joint reporting structures or shared goals (e.g., include device security metrics in both the CIO’s and the clinical engineering director’s performance objectives). The culture shift to view cybersecurity as part of patient safety (not just an IT issue) is underway, which helps unify teams. Still, this remains a non-technical barrier that can slow down or complicate adoption significantly.
• IT Infrastructure and Operational Constraints: Deploying a network security platform in a hospital environment can be technically and operationally complex. Hospitals have heterogeneous networks – often older switches, limited network segmentation by design, and sometimes coverage gaps in wireless networks. Installing the necessary sensors or tapping network traffic in all the right places can be a project on its own. For example, a hospital may need to configure port mirroring across dozens of network segments, some of which they might not have easy access to (especially if certain systems are managed by third parties or vendors). Ensuring coverage of all clinical VLANs without introducing latency or downtime is a careful balancing act. Additionally, many medical devices communicate over specialized protocols or use legacy operating systems (Windows 7, XP, proprietary RTOS, etc.), which can produce unusual network traffic that might confuse generic monitoring tools. Tuning the platform to minimize false positives and to recognize proprietary protocols can take time and expertise. This is a barrier especially if the hospital doesn’t have staff experienced in IoT/OT networking – there’s a learning curve to effectively use the platform’s features. Operationally, there’s also the fear of disruption: clinical operations run 24/7 and cannot tolerate network outages or device malfunctions. Thus, any changes to the network (like implementing new VLANs or firewall rules based on platform recommendations) must be carefully staged and tested. Take network segmentation – while it’s a best practice, many hospitals have held off because they worry that segmenting devices might inadvertently block critical communications and thus impact patient care. It takes time to map out device communication needs (though these platforms help by learning the patterns) before one can safely enforce segmentation. Hospitals also often have vendor-maintained systems (e.g., an MRI machine where the manufacturer manages the connected workstation). Those vendors may resist the hospital introducing new monitoring devices on “their” network or may require approval for any scanning. In short, the operational risk of ‘breaking something’ can make hospitals cautious in rolling out the full capabilities of these solutions. Many start in a monitoring-only mode and only gradually move to active controls like blocking or isolating devices. Executives need to ensure proper change management processes, involvement of clinical stakeholders, and possibly doing pilot runs in less critical areas before full deployment. Demonstrating that the platform can be introduced without causing device downtime builds trust with clinicians and engineers. The good news is that as these solutions mature, they have proven to be safe – for instance, passive monitoring has virtually no impact on devices, and even policy enforcement can be done gradually with plenty of oversight (like putting devices in a quarantine VLAN only after verifying it doesn’t disrupt service).
• Resource and Skill Gaps: Even after a platform is installed, using it effectively requires human expertise. Many hospitals report that they lack cybersecurity personnel with IoT or OT experience. A typical hospital IT security team is small (often under 5 people in smaller hospitals) and already overburdened. Now they are asked to also monitor alerts for hundreds or thousands of medical devices. Without additional staffing or training, the platform could become shelfware or generate alert overload that no one acts upon. In some organizations, the biomed department is expected to take on some security functions (like responding to device vulnerability notices or replacing devices flagged as high risk), but historically biomed staff haven’t been trained in cybersecurity. This skills gap is a real barrier – 43% of healthcare organizations cited lack of staff and expertise as a roadblock to IoT security success[50]. Vendors and industry groups are responding by providing more training (many offer certification courses on using their tools) and by adding more automation/AI to their products to reduce the burden on humans. For example, newer versions of these platforms offer automated risk scoring and even automated containment actions, so that minimal manual analysis is needed for well-defined threats. Still, hospitals often err on the side of caution, preferring a human in the loop – which circles back to the staffing issue. One approach to overcome this barrier is using managed security services or outsourcing: some healthcare organizations contract with outside firms (or the vendor itself, in Siemens’ case with Claroty[12]) to actively watch their device security alerts and even manage the response 24/7. This can be a viable strategy for resource-constrained hospitals, though it entails trusting a third party with critical responsibilities. Executives must weigh the cost of managed services versus building internal capability. In the long run, many are trying a hybrid model: use vendor support initially, while gradually training in-house teams. Additionally, aligning this work under existing structures – e.g., incorporate IoMT monitoring into the hospital’s SOC procedures – can leverage broader cybersecurity resources rather than treating it as a standalone effort.
• Device and Vendor Diversity: Hospitals easily have equipment from dozens of different manufacturers, each with its own communication patterns and maintenance processes. Not all device manufacturers fully cooperate or integrate with security platforms. Some smaller or older vendors may not provide data like SBOMs or might require using their proprietary monitoring software (which doesn’t feed into a centralized platform). This diversity means a hospital might not get a 100% coverage or uniform result from an IoMT security platform. Certain devices might not be identifiable by automated fingerprinting if they use very proprietary protocols. Or a vendor might push back against anything touching their device on the network. While this is improving – larger device makers like Philips, GE, Medtronic are now actively working on cybersecurity and even partnering with security firms – it remains a barrier in practice when dealing with niche or outdated equipment. Hospitals have to sometimes get creative, such as placing unmanaged devices on separate networks entirely until they can be secured, or using compensating controls like external firewalls for particularly finicky systems. Over time, as new devices come with better built-in security, this barrier should reduce. But today’s hospitals still run a lot of legacy devices (some 10-15 years old). Industry reports estimate over 40% of medical devices in hospitals are at end-of-life with no security updates available[51]. These devices are often exactly the ones that need monitoring, yet they are also the least capable of interfacing with modern IT solutions. Thus, hospitals must often use the network security platform in a protective way around these devices (segmentation, anomaly detection) but accept that the devices themselves can’t be hardened. This isn’t so much a barrier to adopting the platform, but a barrier to achieving “perfect” security – it requires understanding that the platform will highlight many issues (like legacy OS vulnerabilities) that hospitals then need budget and downtime to actually remediate (e.g., by replacing or upgrading the device). Seeing a flood of such issues can be overwhelming and might discourage teams if they feel they can’t fix the underlying problems. Executive sponsorship is needed to prioritize which risks to tackle and to allocate capital funds to retire high-risk legacy devices as flagged by the platform.

In summary, cost and culture are the primary barriers: cost in terms of dollars and staff, culture in terms of silos and risk aversion. Additional technical hurdles around integration and legacy devices also play a role. However, none of these barriers are insurmountable. Indeed, many pioneering hospitals have managed to overcome them – often by starting small (maybe monitoring one network or one hospital first), demonstrating quick wins (such as finding and fixing a critical vulnerability on a device that could have caused harm), and then expanding the program. Leadership engagement is crucial: when executives champion the importance of device security as part of patient safety, teams are more likely to cooperate across silos and budgets are more likely to be freed up. As awareness grows that the cost of not addressing these risks (e.g., a ransomware-induced shutdown of surgeries) far outweighs the cost of prevention, more hospitals are finding ways to navigate these barriers. The experience of others in the field provides a roadmap to follow, which reduces the uncertainty that may have initially made hospitals hesitant to adopt these platforms.

Real-World Use Cases and Benefits

Concrete examples from healthcare organizations that have implemented network security platforms illustrate the real-world benefits – in terms of both improved security outcomes and operational gains. Below are a few case studies and use cases that highlight what hospitals have achieved:

• Preventing Cyber Incidents and Protecting Patient Safety: Perhaps the most compelling use cases are those where a platform directly thwarted an attack or mitigated its impact. One U.S. hospital, for instance, installed Cynerio’s IoMT security solution after suffering a malware outbreak that disrupted operations. According to the hospital’s IT Security Director, “before we had Cynerio’s system, we were hit hard with a virus… since we got the system, we haven’t had any cyberattacks penetrate our network”. They noted that the cost of the platform was a fraction of the financial impact they would have incurred from even one serious incident, effectively delivering a strong ROI in avoided downtime and recovery costs[28]. In another testimonial, a VP at a health system shared that Cynerio’s platform detected malware on a medical device that had slipped past traditional security tools, and alerted them in time to isolate it, preventing any harm[29]. This hospital also used the tool’s insights to identify devices running outdated operating systems (e.g. Windows XP), which supported a business case to replace or upgrade those devices in their capital planning. These stories underscore how such platforms serve as a safety net, catching threats that are otherwise undetectable and thus avoiding adverse events. It’s worth noting the flip side: there have been documented cases where lack of network visibility contributed to patient harm – for example, a 2019 ransomware attack at Springhill Medical Center in Alabama reportedly led to monitoring equipment failure and an infant’s death[52]. Real-world outcomes like that have galvanized hospitals to act. The use cases from early adopters show that having an IoMT security platform can significantly reduce the likelihood of similar tragedies by enabling rapid detection and response to device issues or cyberattacks that threaten patient care.
• Achieving Comprehensive Device Visibility & Inventory Control: Many hospitals initially procure these solutions to solve a basic problem: “What and where are all of our devices?” A large academic medical center on the West Coast, for example, used Medigate by Claroty to discover that they had 30% more networked medical devices than what was recorded in their manual inventory. The platform identified IV pumps, ventilators, imaging systems, etc., that the hospital’s database had missed due to movement between departments or forgotten older units. With a continuously updated inventory, the organization could ensure all devices are accounted for in maintenance schedules and in security risk assessments. This has compliance benefits (for FDA and Joint Commission readiness) as well as cost benefits – the hospital realized some devices were underutilized or not being used at all, leading to better purchasing decisions (they avoided buying new equipment they didn’t actually need because they discovered spares via the system)[13][53]. Another example is the Provincial Health Services Authority (PHSA) in Canada, which in a case study noted that using Claroty’s platform helped them boost compliance and processes by integrating the device inventory with their IT asset management and procurement systems[54][55]. This kind of visibility not only helps security, but also operations: For instance, during the COVID-19 pandemic, hospitals with an IoT device inventory could quickly locate all their ventilators and critical care devices and assess which ones could be redeployed or needed updates. In day-to-day terms, biomedical engineering teams use these platforms to locate devices that have gone missing (e.g., a portable x-ray machine that’s plugged into some obscure network jack – the system can tell you which switch and port it’s on). Overall, the situational awareness provided by these platforms is a game-changer in environments that previously relied on ad-hoc, manual tracking.
• Segmentation and Zero Trust Implementation in Practice: A notable case study comes from Mount Sinai Health System in New York. Faced with tens of thousands of devices across multiple hospital sites, Mount Sinai implemented an integrated approach using Claroty’s healthcare cybersecurity platform tied into Cisco’s networking gear[56][16]. The result was a policy-based microsegmentation of devices: as new devices are procured or discovered, they are automatically identified and placed into the correct network segment with appropriate access policies. Mount Sinai’s security team reported that Claroty’s continuous monitoring of device communications and detection of any policy violations allowed them to be far more proactive. For example, if a dialysis machine suddenly tried to communicate with an IP outside of the hospital network (which it normally never should), the system would flag it and through the Cisco integration could quarantine that device’s traffic in real time[57]. This level of automation and control greatly reduces the attack surface. It also helped with regulatory compliance – by segmenting medical devices, Mount Sinai addressed one of the key recommendations of frameworks like NIST and HICP. The case study notes that this approach enhanced their ability to enforce security without interrupting clinical workflows, since the visibility from Claroty ensured that segmentation rules were well-informed (they knew what ports/protocols each device needed and could allow those while blocking others)[58]. The success at Mount Sinai is being looked at by peer institutions as a blueprint for how to operationalize zero trust principles in healthcare environments.
• Integration and Incident Response Use Cases: Hospitals are finding value in how these platforms integrate with their existing security operations. A midwestern hospital system participating in a benchmarking study reported that after integrating their IoMT security platform’s alerts into their SIEM and ticketing system, they achieved a 38% reduction in mean time to contain (MTTC) security incidents[59][60]. Essentially, when an alert from the device security platform comes in (say, a suspected ransomware beacon on a radiology workstation), it automatically creates an incident in the SOC workflow and even provides suggested response actions (isolate the device, alert the imaging department, etc.). This streamlining has made responses faster and more coordinated. Another example is how the platform’s data can expedite vulnerability management: A large children’s hospital shared that when a major Windows vulnerability (“BlueKeep”) was announced, they used their IoMT security dashboard to instantly filter for all medical devices running vulnerable Windows versions and verify if those devices had any compensating controls in place. This saved countless hours compared to manually contacting each device vendor or searching spreadsheets. They then prioritized those devices for network isolation until patches could be applied, averting potential exploitation. Moreover, the detailed traffic logs from these platforms have proven useful in investigations; for instance, if a device is suspected to have been part of a breach, the security team can pull historical data on everything that device communicated with and when – this forensics capability is something hospitals rarely had for medical devices before. It helps in compliance reporting (e.g., breach analysis for OCR in a HIPAA incident) by showing whether any ePHI might have been accessed or exfiltrated via a compromised device.
• Operational Efficiency and Cost Savings: Beyond cybersecurity, some hospitals have leveraged insights from these platforms to drive operational improvements. For example, a health system in the Midwest used Ordr’s utilization data to optimize their fleet of smart infusion pumps. They discovered that certain departments had more pumps than needed (based on usage patterns) while others had shortages, so they redistributed equipment instead of purchasing new units – leading to CAPEX savings. Similarly, by identifying “idle” devices (those plugged in but not used for, say, 30 days), they could retire or reallocate those, cutting maintenance contract costs. Siemens Healthineers, in partnership with Claroty, noted that customers of their joint solution saw “significant CAPEX and OPEX savings” by avoiding unnecessary device purchases and by streamlining maintenance through the platform’s data[61][13]. Another operational case: when a manufacturer issues a recall for a device model due to a cybersecurity issue, a hospital with an IoMT platform can immediately query how many of those devices they have and where they are, making the recall process far more efficient (this was tested during a recall of certain telemetry units – a hospital was able to locate every affected unit in minutes via the platform, whereas traditionally it might take days of pulling procurement and inventory records). All these examples demonstrate that while the primary goal may be security and compliance, hospitals are also gaining tangible business and clinical operations benefits from these deployments.

In essence, the real-world experiences of hospitals that have embraced these network security platforms show that the technology delivers on its promise: improving security visibility, enabling rapid threat response, and even creating secondary gains in efficiency and cost avoidance. Executives reading these case studies often note that these successes required more than just technology – they required process changes and cross-team collaboration (as discussed in barriers). But once those pieces are in place, the platform becomes a force-multiplier for the organization’s overall resilience. As more case studies emerge and knowledge is shared through forums like the AHA, CHIME, and HIMSS, the hesitation around these solutions is diminishing. Healthcare leaders increasingly see these tools not as a luxury, but as a standard component of modern hospital operations, critical to safeguarding both patients and the bottom line.

Conclusion

The adoption of Claroty-like network security platforms in clinical environments represents a pivotal shift in healthcare cybersecurity – one that acknowledges the convergence of patient safety and information security. U.S. healthcare executives are tasked with protecting an ever-expanding array of connected medical devices in an era of aggressive cyber threats and tightening regulations. This in-depth look at the industry landscape highlights a few overarching conclusions:

1. Adoption is accelerating under pressure of risk and regulation. While still not universal, IoMT security platforms are increasingly being deployed by forward-thinking hospitals, and market penetration is expected to climb rapidly in the next few years. Cyberattacks that impact clinical care (and even cause harm) have served as wake-up calls, making device security a board-level issue. At the same time, regulatory drivers – from HIPAA enforcement to FDA requirements and industry best practices – are effectively creating a mandate for action. Hospitals that invest now are not only protecting their operations but also positioning themselves as compliant and resilient organizations. Those that delay face mounting risks: financial (breach costs, penalties), operational (downtime), and human (patient trust and safety). The cost-benefit equation is tilting clearly in favor of proactive adoption, especially as solutions mature and demonstrate ROI in preventing incidents.

2. No one-size-fits-all: choose platforms aligning with organizational needs. The vendor landscape comprises strong players with varied strengths. Executives should carefully evaluate which platform fits their context – considering factors like the size of their device fleet, existing IT infrastructure, available personnel, and strategic partnerships. For instance, a large academic health system might prioritize a solution with robust integration and automation (to handle scale and reduce manual workload), whereas a smaller community hospital might value a managed service option or simplicity of deployment. Important selection criteria include: depth of medical device knowledge (does it recognize our specific devices?), integration capabilities (will it plug into our Cerner/Epic, our CMMS, our NAC?), usability (dashboard clarity, quality of alerts), and vendor support (training, incident response help). Engaging stakeholders from IT, clinical engineering, and compliance in the selection process ensures the chosen platform bridges all needs. The good news is that the leading vendors have all been validated by industry analysts and early adopters – there are no “bad” choices among the top contenders, but there are more suitable choices depending on the hospital’s environment. Peer references, KLAS scores, and pilot projects can all aid in making an informed decision.

3. Overcoming internal barriers is as important as the technology itself. Executives must plan for the cultural and operational changes that come with these platforms. This means securing budget and explaining the investment in terms of patient care continuity and regulatory compliance. It means fostering cooperation between IT security and biomedical teams – possibly creating new governance structures or roles (e.g., a Chief Biomedical Cybersecurity Officer or a cross-functional task force). It also involves updating policies: for example, incorporating device security checks into procurement processes, so that new devices are evaluated for cybersecurity and entered into the monitoring system from day one. Training and awareness are key – clinical staff should know, at a high level, why these security measures are in place (e.g., why a device might suddenly be isolated if infected) to avoid confusion and ensure patient care isn’t inadvertently disrupted. Essentially, leaders should treat the rollout of an IoMT security platform not just as an IT project, but as a change management initiative that touches clinical operations, risk management, and compliance departments. Those that do so have reported much smoother implementations and quicker realization of benefits.

4. Long-term resilience and compliance. By adopting these network security platforms, hospitals are laying the foundation for a more resilient, “zero trust” healthcare delivery model. They will be better equipped to handle the continuing digital transformation of care (with telehealth, remote monitoring, and Internet of Medical Things devices proliferating inside and outside hospital walls). Moreover, they will be in a strong position to comply with future regulations; cybersecurity requirements in healthcare are only expected to grow, and having the infrastructure and processes in place now is a strategic move. We can anticipate that demonstrating effective medical device security will become a standard part of audits, accreditation (The Joint Commission has already added cybersecurity considerations), and payer contracts. Hospitals with established IoMT security programs can use that as a competitive differentiator – assuring patients and partners that they take the safety of their technology as seriously as the quality of their clinical care.

In closing, network security platforms for clinical environments are transitioning from “nice-to-have” innovations to “must-have” components of hospital enterprise risk management. The experiences of early adopters show clear improvements in visibility, threat response, and risk reduction, validating the value proposition. Healthcare executives should view investment in these platforms not merely as an IT upgrade, but as an essential strategy to safeguard the core mission of healthcare – delivering safe, uninterrupted patient care in a digitally connected world. By aligning cybersecurity with clinical imperatives and regulatory obligations, hospitals that embrace these solutions will enhance their security posture, ensure compliance, and ultimately protect both their patients and their institutional integrity in the face of evolving cyber threats.

Sources:

·       KLAS Research – Healthcare IoT Security 2023 (vendor performance and adoption trends)[22][19]

·       HHS 405(d) Task Force – Health Industry Cybersecurity Practices (HICP) guidance documents[6][4]

·       FDA Center for Devices – Premarket and Postmarket Cybersecurity guidance summaries[7][8]

·       Censinet & Ponemon Institute – Healthcare Cybersecurity Benchmarking (IoMT adoption metrics, 2024)[1][62]

·       Ivanti (Cybersecurity Blog) – State of IoT/IoMT Security in Healthcare 2022 (survey data on budgets, breaches)[40][42]

·       Claroty (Medigate) – Customer case studies and press releases (KLAS awards, Siemens partnership, Mount Sinai deployment)[23][16]

·       Cynerio – Press release (2025 KLAS ranking and hospital testimonials)[63][29]

·       Healthcare IT Today – Connected Medical Device Security (Zingbox survey on budget and inventory challenges)[39][64]

·       TechTarget (HealthTech Security) – Best in KLAS 2025 Awards (ranking Claroty, Cynerio, Armis, Ordr)[65][30]

·       Technavio – Medical Device Security Solutions Market Forecast 2024-2028 (market size and growth drivers)[2][38]

·       Asimily – 405(d) HICP Compliance for Medical Device Security (analysis of sector challenges and HICP practices)[66][4]

[1] [59] [60] [62] Healthcare Cybersecurity Benchmarking: Key Metrics | Censinet

https://censinet.com/perspectives/healthcare-cybersecurity-benchmarking-key-metrics

[2] [38]  Medical Device Security Solutions Market Size, Analysis 2024-2028 | Technavio | Technavio

https://www.technavio.com/report/medical-device-security-solutions-market-industry-analysis

[3] [11] [54] [55] Medigate by Claroty Wins Best in KLAS for Healthcare IoT Security - Four Years in a Row | Claroty

https://claroty.com/blog/medigate-by-claroty-wins-best-in-klas-for-healthcare-iot-security-four-years-in-a-row

[4] [5] [6] [17] [18] [36] [45] [66] Medical Device Security for 405(d) HICP Compliance | Asimily

https://asimily.com/blog/medical-device-security-405d-hicp-compliance/

[7] [8] [37] Medical Device Cybersecurity: Strategies to Minimise Risks and Enhance Safety - Device Authority

https://deviceauthority.com/medical-device-cybersecurity-strategies-to-minimise-risks-and-enhance-safety/

[9] media.armis.com

https://media.armis.com/pdfs/rp-spark-matrix-connected-medical-device-security-report-q4-23-en.pdf

[10] [31] [32] The Forrester New Wave: Connected Medical Device Security

https://www.databreachtoday.com/whitepapers/forrester-new-wave-connected-medical-device-security-w-7775

[12] [13] [23] [53] [61] Medigate by Claroty and Siemens Healthineers Collaborate in End-to-End Cybersecurity | Claroty

https://claroty.com/press-releases/medigate-by-claroty-and-siemens-healthineers-collaborate-in-end-to-end-cybersecurity

[14] [15] [33] [34] [44] Healthcare IoT Security Buyers Shift Focus From Tools To Measurable Outcomes

https://hlth.com/insights/news/healthcare-iot-security-buyers-shift-focus-from-tools-to-measurable-outcomes-2026-01-13

[16] [56] [57] [58] Integrating Claroty xDome for Healthcare & Cisco for Enhanced Medical Device Security at Mount Sinai Health System | Claroty

https://claroty.com/resources/case-studies/integrating-claroty-xdome-for-healthcare-cisco-for-enhanced-medical-device-security-at-mount-sinai

[19] [21] Healthcare IoT Security 2023 | KLAS Report

https://klasresearch.com/report/healthcare-iot-security-2023-an-update-on-vendor-performance-and-deep-adopter-utilization/2007

[20] [25] [28] [29] [63] Cynerio Ranked Among Top 2 Vendors in 2025 Best in KLAS in Healthcare IoT Security

https://www.prnewswire.com/news-releases/cynerio-ranked-among-top-2-vendors-in-2025-best-in-klas-in-healthcare-iot-security-302369537.html

[22] [30] [65] Top healthcare cybersecurity vendors win Best in KLAS awards | TechTarget

https://www.techtarget.com/healthtechsecurity/news/366618671/Top-healthcare-cybersecurity-vendors-win-Best-in-KLAS-awards

[24] Claroty xDome for Healthcare & Cisco: Solution Overview

https://claroty.com/resources/integration-briefs/claroty-xdome-for-healthcare-and-cisco-solution-overview

[26] Axonius Acquires Medical Device Security Specialist… - Accelmed

https://accelmed.com/news/axonius-acquires-medical-device-security-specialist-cynerio-for-more-than-100-million-to-target-healthcare-market

[27] Cynerio and Keysight: Reduces Cyber Risk for IoMT Devices

https://www.keysight.com/us/en/assets/3121-1325/solution-briefs/Cynerio-and-Keysight-Reduces-Cyber-Risk-for-IoMT-Devices.pdf

[35] Guide to Implementing HICP - Complyance

https://www.complyance.com/resources/guide-to-implementing-hicp

[39] [64] Many Providers Lack Dedicated Budget For Connected Medical Device Security | Healthcare IT Today

https://www.healthcareittoday.com/2018/11/05/many-providers-lack-dedicated-budget-for-connected-medical-device-security/

[40] [41] [42] [43] [46] [52] Challenges: Healthcare IT Security Budgets vs IoMT Threats

https://www.ivanti.com/blog/healthcare-it-security-budgets-aren-t-keeping-pace-with-iomt-threats

[47] [48] It’s Time for a Converged Approach to Healthcare Cybersecurity | Claroty

https://claroty.com/blog/it-s-time-for-a-converged-approach-to-healthcare-cybersecurity

[49] [PDF] the global healthcare cybersecurity study 2023 - Claroty

https://web-assets.claroty.com/claroty-healthcare-survey-report-aug-2023-cg-2.pdf

[50] IoT Signals healthcare report: Key opportunities to unlock IoT's ...

https://azure.microsoft.com/en-us/blog/iot-signals-healthcare-report-key-opportunities-to-unlock-iots-promise/

[51] Healthcare Cybersecurity in 2025: Why Claroty's Medigate ... - Elisity

https://www.elisity.com/blog/healthcare-cybersecurity-in-2025-why-clarotys-medigate-microsegmentation-and-iomt-security-are-critical-for-compliance

‍