Connect Your Health Environment with Confidence

Yours is a complex organization of people working with technology to deliver or receive care in the digital age.  First Health’s industry leading programs reduce disruptive security measures while building cyber resilience into every facet of your care environment.

Program Assessment, Development, Staffing, & Education

IoMT (Medical Device) Cybersecurity Program Assessment

A NIST-based approach to the Internet of Medical Things (IoMT) risk, assessing HTM (Health Technology Management) and Clinical Engineering cybersecurity program structure, staff, and systems and resulting in a Transformation Roadmap

  • Understand how to optimize the tools and policies you have or may need to reduce cyber and patient safety risk
  • Identify gaps in your program and define necessary collaboration with key stakeholders in IT, network, clinical, and operations
  • Assess internal talent while defining key subject matter expertise needed to maintain capability and maturity
  • Review cyber framework compliance and map HTM/CE requirements to security requirements

Program Assessment, Development, Staffing, & Education

IoMT Cybersecurity Program Development

Provides policies, procedures, workflow, etc. for managing a comprehensive IoMT Cyber Program, including development and management of  change authority, governance and team staff augmentation

  • Comprehensive Managed Program with expertise to manage IoMT, Operational (OT), and Industrial Technology (IIoT) – collectively XIoT
  • Optimize the technology, policies, and process you have or need to reduce cyber and patient safety risk
  • Close gaps in your program and foster collaboration with key stakeholders in IT, network, clinical, and operations
  • Develop and train internal talent while supporting with key subject matter expertise needed to maintain resilience
  • Prepare for cyber compliance and utilize data to make informed lifecycle decisions

Program Assessment, Development, Staffing, & Education

IoMT Cybersecurity Program Staffing

Expert staffing targeting for the unique clinical and operational device efficiency and security needs of your organization

  • Security/HTM/Clinical Engineering Program and Project Managers
  • HTM/Clinical Engineering Security Specialists (Engineers and Analysts)
  • Vulnerability Management Subject Matter Experts
  • Network and Segmentation Specialists
  • Policy and Framework Experts

Program Assessment, Development, Staffing, & Education

IoMT Incident Response Program Assessment

Assess Incident Response capability structure, staff, and systems resulting in transformation roadmap

  • Review policies, procedures, process (implementation), testing ability, and integration
  • Review playbooks, contractural obligations, and service level objectives/agreements
  • Assess technology response, automation and alert tuning
  • Evaluate threat sharing and manufacturer communications planning
  • Develop tabletop design and coordination

Program Assessment, Development, Staffing, & Education

IoMT Incident Response Program Development

Provides policies, procedures and technology guidance for running an IoMT Incident Response Program

  • Develop or refine policies, procedures, process (implementation), testing ability, and integration
  • Update or craft playbooks, contractural obligations, and service level objectives/agreements
  • Optimize technology response, automation and alert tuning
  • Streamline threat sharing and manufacturer communications planning
  • Implement tabletop exercises and schedule

Program Assessment, Development, Staffing, & Education

IoMT Risk Management Program Assessment

A NIST based approach identifying a current state of connected clinical asset behaviors, anomalies, and architecture

  • Cyber focused review of policies, procedures, process (implementation), testing ability, and integration
  • Review risk playbooks, contractural obligations, and service level objectives/agreements
  • Assess technology integration and risk context
  • Evaluate threat sharing and manufacturer communications planning
  • Develop control roles, responsibilities, and stakeholder sharing requirements

Program Assessment, Development, Staffing, & Education

IoMT Risk Management Program Development

Provides policies, procedures, and technology optimization for running an IoMT Risk Management Program

  • Cyber focused deployment of policies, procedures, process (implementation), testing ability, and integration
  • Mature risk playbooks, contractural obligations, and service level objectives/agreements
  • Operationalize technology integration and risk context
  • Streamline threat sharing and manufacturer communications planning
  • Initiate control roles, responsibilities, and stakeholder sharing requirements

Value Acceleration Programs

IoMT Security Platform - Value Acceleration Program

Kick-start adoption and deployment of IoMT security applications and accelerate the identification of clinical device optimization opportunities across people, processes and technology.

  • High-priority cyber focused deployment of policies, procedures, process (implementation), testing ability, and integration
  • Initiate risk playbooks, contractural obligations, and service level objectives/agreements
  • Operationalize technology integration and risk context
  • Identify threat sharing and manufacturer communication activities
  • Initiate control roles, responsibilities, and stakeholder sharing requirements

Value Acceleration Programs

CMMS Platform - Value Acceleration Program

Kick-start and develop plan for the organization’s CMMS goals, current state, and roadmap. Focuses on people, process, and data accuracy.

  • High-priority CMMS focused deployment of policies, procedures, process (implementation), testing ability, and integration
  • Initiate risk control flows
  • Operationalize technology integration and risk context
  • Identify resource requirements for program capability and maturity
  • Initiate control roles, responsibilities, and stakeholder sharing requirements

Platform Selection, Implementation, Integration, & Staffing

IoMT Security Platforms

IoMT Selection, implementation, integrations, and staffing

  • Selection: Align business requirements, strategic imperatives, and budget considerations
  • Implementation and Integration: Operationalize selected technology platform for visibility, risk, and utilization outcomes
  • Subject Matter Expertise:  Staff augmentation and training to fill program gaps or priorities

Platform Selection, Implementation, Integration, & Staffing

CMMS Platforms

CMMS Selection, implementation, integrations, and staffing

  • Selection: Align business requirements, strategic imperatives, and budget considerations
  • Implementation and Integration: Operationalize selected technology platform for visibility, risk, and utilization outcomes
  • Subject Matter Expertise:  Staff augmentation and training to fill program gaps or priorities

Strategic Services

Vulnerability Management - IoMT (Medical Devices) & Operational Technologies

Provides MDSP administration, Vulnerability output prioritization and corrective action planning supported by minimal VM specific workflow development minimal remediation oversight to client mitigation/remediation teams. May include staff augmentation for VM and CVE acknowledgement and assessment within MDSP

  • Vulnerability Program engineers and analysts
  • Continuous Risk Contextualization and Prioritization Activity
  • Incident Response Coordination

Strategic Services

Patch Management - IoMT (Medical Devices) & Operational Technologies

Provides standard windows OS device patch management strategy (WSUS) and hardware, configuration and support requirements

  • High-priority patch management augmentation
  • PM/CM workflow management for patching support
  • Reconciliation and data clean up expertise

Strategic Services

Segmentation Analysis, Planning & Design

Trusted visibility can inform effective segmentation approaches that can greatly improve the risk posture in the environment of care.  The strategy behind your segmentation approach must account for a multitude of risk profiles, unique workloads, controls and dynamic processes.  Clinical and operational technologies are more challenging to segment than traditional IT assets, requiring efficient harmony of tools, personnel, policy, and clinical context.  Zero-trust approaches must be carefully assessed in the environment of care with a variety of stakeholders.

  • First Health are experts in assessing current state segmentation
  • Leading practice on how visibility tools inform and integrate with your segmentation approach
  • Experts in planning, operationalizing, and maintaining a robust segmentation strategy