Santa Clara, United States – Ordr, the provider in connected device security, announced Ordr Clinical Defender 8.1, providing healthcare technology management (HTM) teams a full-lifecycle vulnerability management platform to more efficiently prioritise and address risks for their connected medical devices.

Clinical engineering teams are tasked with managing thousands of medical devices, many of them critical to patient care and safety. The volume of devices is increasing every day, with equipment from hundreds of manufacturers, running an enormous volume of operating systems. As hospitals merge (or are acquired), the diversity of devices can multiply overnight. The attack surface also continues to expand – while device visibility decreases – as healthcare providers open remote clinics and support telemedicine environments.

Securing the environment of care directly depends on the operational efficiency of the HTM team. With the 8.1 release, Ordr Clinical Defender optimises the process of managing medical devices and their vulnerabilities. HTM teams benefit from visibility into devices everywhere, with insights optimised based on their function, location, skills, and experience. Critical vulnerabilities are prioritised based on business risks, and simplified workflows assign the right tasks to the right teams. As a result, no time is wasted, and no vulnerabilities go undetected or unaddressed.

“Simply put, HTM teams require more efficient ways to monitor devices and vulnerabilities in an ever-expanding healthcare environment,” says Pandian Gnanaprakasam, Ordr chief product officer and co-Founder. “Ordr Clinical Defender allows each user to focus on the specific devices they’re responsible for, from a single screen, and helps them understand, prioritise and manage vulnerability workflows based on full business context. This will ultimately improve efficiencies and enhance patient safety.”

The Clinical Defender 8.1 release also adds the Ordr Software Inventory Collector, and integration with Crowdstrike and Crowdstrike Humio to ensure HTM teams have comprehensive device and operating system visibility at their fingertips. Healthcare organisations no longer have to struggle with discovering offline devices, those in remote clinics and locations, and behind VPN connections, making it easy to properly patch software and protect every device everywhere. Healthcare delivery organisations can now also easily manage diverse devices – from un-agentable devices like MRI systems to medical workstations with agent-based Crowdstrike protections – within the same environment of care. 

“The visibility that we now have into our networked devices and their software inventory gives us greater assurance that we are properly maintaining and securing our systems to ensure that we can continue to provide excellent service and patient care,” says Stacy Estrada, information security manager, Montage Health.

“Efficiencies in HTM and clinical engineering teams translate to improvements in patient safety,” says Boyd Hutchins, director of clinical engineering, Arkansas Children’s Hospital. “With the enhancements in Ordr Clinical Defender 8.1, HTM teams will now be able to manage the complete vulnerability lifecycle for all clinical devices. Ordr takes us beyond vulnerability monitoring and remediation to visibility into system utilisation, instant access to system configuration, software levels, and location within our system.”

Clinical Defender was built on Ordr’s foundational asset and risk management features and developed with practices from the top healthcare delivery organisations in the world. Now with comprehensive visibility into the software “stack” essential to understand vulnerabilities, Ordr makes it easy for HTM teams to work with their security teams to address the shared goal of patient safety.

“Ordr Clinical Defender has been an invaluable tool to help our clinical engineering teams improve the management and security of our IoMT devices,” says Dave Yaeger, Biomed Security DBA for ProHealth Care. “The advancements in the latest release support our whole hospital security approach across the healthcare system and will evolve the way our clinical engineering and security teams work together to manage device vulnerabilities and risks.”

Ordr Clinical Defender 8.1 delivers the following:

• Risk reduction through full-lifecycle vulnerability management – Ordr simplifies how healthcare delivery organisations manage the complete vulnerability lifecycle for connected healthcare devices.
     ○     View all risks on a single vulnerability dashboard – Ordr now provides a single clinical vulnerability dashboard to help view all clinical vulnerabilities, across all vulnerability databases. 
     ○     Prioritise vulnerabilities based on risks – Ordr’s Customisable Clinical Risk Score allows HTM teams to plan and prioritise remediation efforts. Risk scores are automatically calculated based on environmental factors and device lifesaving capabilities and are easily customised to align with organisational goals.
     ○     Optimise mitigation efforts – Leverage simplified workflows to collaborate across teams and manage the entire lifecycle of vulnerabilities. Custom Tags can be used to associate devices with applications, location, priorities, groups, individuals, or other key attributes, to simplify management of vulnerabilities across teams.  
     ○     Collaboration with security teams – Ordr now integrates with Humio, Crowdstrike’s scalable log management platform, sharing medical device context to facilitate better collaboration with security teams.

• Operational efficiency by aligning to HTM roles and responsibilities – Ordr enables users to group devices based on real-world business functions, allowing each user to see all devices under their management – and only those devices. Devices may be grouped by device type, across multiple types, by location, cost centre, ownership, or any other business logic. This is useful when a mix of devices such as workstations, medical equipment, security cameras and more must be managed and maintained by an individual or group.
• Enhanced security by eliminating device blind spots – Ordr Software Inventory Collector and Ordr’s new integration with Crowdstrike eliminate blind spots by gaining granular details of all connected devices everywhere.
     ○     Simplify how device context is gathered – Ordr Software Inventory Collector simplifies how device context, including vulnerabilities, can be gathered for all managed and unmanaged devices on all leading operating systems, no matter where and how the devices and users connect. This includes devices offline or online, in remote locations, and connected behind VPN or gateways.
    ○     Comprehensive visibility for all devices, managed and unmanaged – Ordr now integrates with Crowdstrike. The integration provides healthcare delivery organisations with comprehensive visibility across all devices, managed and unmanaged. Insights from devices with Crowdstrike agents are integrated within the Ordr DataLake to enhance device context.

“Ordr tracks IoT, OT, and medical devices where the CrowdStrike agent cannot be installed. By integrating Ordr’s dataset with Falcon’s in Humio, Crowdstrike’s scalable log management platform, this solution provides our customers unprecedented observability and visibility on all devices, agent or agentless, 24×7, online or offline,” says Adam Hogan, SE director, Humio, CrowdStrike.

“Connected devices in healthcare bring unique risks. Ordr Clinical Defender 8.1 demonstrates Ordr’s continued focus on innovation, and will allow us to help healthcare providers to more effectively manage clinical vulnerabilities across the full lifecycle and safely deliver connected care,” says Carter Groome, CEO, First Health Advisory.

To learn more about Ordr Clinical Defender 8.1 and how it can help your HTM team stay on top of connected device security, visit here and Ordr. Sign up for the Ordr Masterclass on September 15, featuring a deep dive into Ordr Clinical Defender 8.1 features.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow.