Claroty and CrowdStrike have announced the publication of a joint piece of research that advocates a more simplified approach to securing the Internet of Health Things (IoHT). The paper is entitled, "Healthcare IoT Security Operations Maturity, A Rationalized Approach to a New Normal." It promotes the idea that health systems should focus on improving essential "blocking and tackling" asset management and security skills before contemplating investments in more advanced, layered defense capabilities.
The paper highlights a governing philosophy that says an intimate understanding of connected assets is required before threat processing can be effective. It delivers an advanced definition of "visibility," how Claroty and CrowdStrike have combined forces to deliver it, and why such new-found visibility must be effectively orchestrated to unify modern detection and threat prevention capabilities.
For the first time, specific data reflecting how Claroty and CrowdStrike's shared health system clients are managing widespread vulnerabilities, including missed opportunities to remediate many of them, is offered for educational purposes. The facts provided identify immediate steps that health systems can take to quickly improve their respective cybersecurity postures.
As background, current cyberthreats to healthcare with an emphasis on the explosion in ransomware is detailed, as is a position on the "to pay or not to pay" policy debate that is now top of mind with public officials and hospital leadership. Emerging Security Risk Assessment (SRA) perspectives are discussed in this context, including their relationships to the current transformation taking place in healthcare cyber insurance underwriting and credit scoring.
And notably, the paper reveals how no standard exists that hospitals are using to calculate attack restoration costs.
Perhaps most importantly, the paper discusses the need for professional convergence as a means for health systems to address long-standing shortages in IT and technology management staffing. It discusses how technology can be used as a lynchpin for upskilling and how properly sequenced investments in automation can deliver solutions that are greater than the sum of their respective roles and parts. The common reference foundation promoted in the paper is argued as essential, not only as a way to harden existing healthcare security infrastructures, but as a means to ensure the performance of future investments in layered defense capabilities.
And finally, because an integrated approach to security and asset management is described as a silo-busting affair that creates operational leverage, this paper ends by explaining how Claroty and CrowdStrike are jointly and separately translating that leverage into business value. Both companies share details explaining how returns on security investments can now be effectively measured.
The research can be accessed here.
