Advancing Secure & Efficient Healthcare

Strategy | Policy | Governance | Risk Management

Safeguarding Asset and Data Interoperability

Comprehensive Security and Operations Platform for Connected Healthcare Assets and Data

01Layer Gain Visibility Inventory, calculate risk, and prioritize
02Layer Operationalize Data-driven action plan to mitigate risk
03Layer Govern Security and privacy vigilance through policy, people, and lifecycle management

Framework Objectives and Activities

Medical Device and IoT Program Services

Seeking Market Awareness

Connected Asset Risk Framework

  • Webinars
  • Speaking Engagements
  • Policy and Regulatory interpretation
  • White papers
  • CISO to CISO
  • Executive brief
  • Education
 01 Answers the "What is out there" question.
Organizational Readiness

Connected Asset Risk Framework

  • Human factor best practice
  • Risk assessment artifacts
  • Roles and responsibilities
  • Clinical Engineering and IT Security collaboration
  • Security program integration preparation
  • Budget guidance
  • Total cost of ownership
 02 Is my organization really ready and set-up for success?
Requirements Analysis and RFP/System Selection

Connected Asset Risk Framework

  • Vendor awareness/partnerships
  • Selection criteria
  • Scoring guide
  • Market and product evaluation / comparison / analysis
 03 Organizational alignment, and what defines completion / success? What are we expecting to get out of this solution?
Preparedness and Implementation

Connected Asset Risk Framework

  • Network and infrastructure
  • Project documentation
  • Kick-off meeting
  • Team development and collaboration
  • Connected asset data collection
  • Connected asset data integration
 04 The key to the entire solution is right here; this defines how successful the next steps will be
Device Visibility and Integration

Connected Asset Risk Framework

  • Inventory connected assets
  • Identify security vulnerabilities
  • Calculate risk to device and organization
  • Develop near term action plan to address critical vulnerabilities
  • Develop short term budget to address mission critical remedies
  • Integration to leverate existing security investments
  • Mitigate false positives
 05 Are we seeing what we expect to see Have we removed what we do not want to see (i.e. guest wireless, etc)?
Operationalize and Prioritize Risk Mitigation

Connected Asset Risk Framework

  • Organizational security posture
  • Develop mature connected asset security program
  • Network segmentation report and recommendation
  • Develop data driven medical device strategy and security program
 06 The overload alarm effect; and how to we prioritize, focus, and check boxes?
Security Operations Integration

Connected Asset Risk Framework

  • Policies
  • Develop / establish governance
  • Education
  • Inventory and vulnerability reporting
  • Dashboard and risk report dashboard development
  • Roadmap for connected asset management and planning
 07 Who, what, where and when - roles and responsibilities clearly defined. Do we have the correct people and skills?
Enhance Governance

Connected Asset Risk Framework

  • Incident management
  • Organizational security product assessment and recommendations
  • Integration into existing security program
  • Reduce alarm fatigue via security integration program
 08 Are we reporting the correct information to the correct committees and teams? Are we compliant?
Continuous Operations

Connected Asset Risk Framework

  • Management contract
  • Virtual support
  • Cross training
  • Affordability
  • Board interaction and reporting
  • Security reporting and metrics
  • Operational review / consulting
  • 24×8 NOC / SOC solutions
  • SecOps (Security Operations)
 09 Are we secure? Are we prepared for an incident? Are we aware of latest threats?

Medical Device and IoT Security Program Experts

Randy Bailey

Co-Founder and Chairman

Co-Founder and Chairman, Randy brings 34 years of HIT leadership, security program development, and risk management knowledge in partnership with our clients.

Toby Gouker, Ph.D.

VP and CISO

Toby brings 31 years of cybersecurity education, framework knowledge, and Medical Device/IoT leadership to First. He has extensive security policy experience for healthcare entities.

Carter Groome

Co-Founder CEO

Co-Founder and CEO of First, Carter brings 25 years of HIT, management consulting, health policy, and security leadership experience to our clients.

Jack Wagner

VP of Advisory Services

Jack is the VP of Advisory Services for First with 32 years of Medical Device/IoT Security and Technology Services leadership. Jack leads First's Guardian Program Team.

Meet the Entire First Leadership Team

Behavioral change programs have an enormous impact in reducing human factor risk

“If I had to make a choice about the one thing to spend money on, it would be about getting the word out, talking to people and training people about the risks.” – Health System CISO

First Healthcare Workforce Cyber Behavior Assessments

Who We Work With