Program Assessment, Development, Staffing, & Education
IoMT (Medical Device) Cybersecurity Program Assessment
A NIST-based approach to the Internet of Medical Things (IoMT) risk, assessing HTM (Health Technology Management) and Clinical Engineering cybersecurity program structure, staff, and systems and resulting in a Transformation Roadmap
- Understand how to optimize the tools and policies you have or may need to reduce cyber and patient safety risk
- Identify gaps in your program and define necessary collaboration with key stakeholders in IT, network, clinical, and operations
- Assess internal talent while defining key subject matter expertise needed to maintain capability and maturity
- Review cyber framework compliance and map HTM/CE requirements to security requirements
Program Assessment, Development, Staffing, & Education
IoMT Cybersecurity Program Development
Provides policies, procedures, workflow, etc. for managing a comprehensive IoMT Cyber Program, including development and management of change authority, governance and team staff augmentation
- Comprehensive Managed Program with expertise to manage IoMT, Operational (OT), and Industrial Technology (IIoT) – collectively XIoT
- Optimize the technology, policies, and process you have or need to reduce cyber and patient safety risk
- Close gaps in your program and foster collaboration with key stakeholders in IT, network, clinical, and operations
- Develop and train internal talent while supporting with key subject matter expertise needed to maintain resilience
- Prepare for cyber compliance and utilize data to make informed lifecycle decisions
Program Assessment, Development, Staffing, & Education
IoMT Cybersecurity Program Staffing
Expert staffing targeting for the unique clinical and operational device efficiency and security needs of your organization
- Security/HTM/Clinical Engineering Program and Project Managers
- HTM/Clinical Engineering Security Specialists (Engineers and Analysts)
- Vulnerability Management Subject Matter Experts
- Network and Segmentation Specialists
- Policy and Framework Experts
Program Assessment, Development, Staffing, & Education
IoMT Incident Response Program Assessment
Assess Incident Response capability structure, staff, and systems resulting in transformation roadmap
- Review policies, procedures, process (implementation), testing ability, and integration
- Review playbooks, contractural obligations, and service level objectives/agreements
- Assess technology response, automation and alert tuning
- Evaluate threat sharing and manufacturer communications planning
- Develop tabletop design and coordination
Program Assessment, Development, Staffing, & Education
IoMT Incident Response Program Development
Provides policies, procedures and technology guidance for running an IoMT Incident Response Program
- Develop or refine policies, procedures, process (implementation), testing ability, and integration
- Update or craft playbooks, contractural obligations, and service level objectives/agreements
- Optimize technology response, automation and alert tuning
- Streamline threat sharing and manufacturer communications planning
- Implement tabletop exercises and schedule
Program Assessment, Development, Staffing, & Education
IoMT Risk Management Program Assessment
A NIST based approach identifying a current state of connected clinical asset behaviors, anomalies, and architecture
- Cyber focused review of policies, procedures, process (implementation), testing ability, and integration
- Review risk playbooks, contractural obligations, and service level objectives/agreements
- Assess technology integration and risk context
- Evaluate threat sharing and manufacturer communications planning
- Develop control roles, responsibilities, and stakeholder sharing requirements
Program Assessment, Development, Staffing, & Education
IoMT Risk Management Program Development
Provides policies, procedures, and technology optimization for running an IoMT Risk Management Program
- Cyber focused deployment of policies, procedures, process (implementation), testing ability, and integration
- Mature risk playbooks, contractural obligations, and service level objectives/agreements
- Operationalize technology integration and risk context
- Streamline threat sharing and manufacturer communications planning
- Initiate control roles, responsibilities, and stakeholder sharing requirements
Value Acceleration Programs
IoMT Security Platform - Value Acceleration Program
Kick-start adoption and deployment of IoMT security applications and accelerate the identification of clinical device optimization opportunities across people, processes and technology.
- High-priority cyber focused deployment of policies, procedures, process (implementation), testing ability, and integration
- Initiate risk playbooks, contractural obligations, and service level objectives/agreements
- Operationalize technology integration and risk context
- Identify threat sharing and manufacturer communication activities
- Initiate control roles, responsibilities, and stakeholder sharing requirements
Value Acceleration Programs
CMMS Platform - Value Acceleration Program
Kick-start and develop plan for the organization’s CMMS goals, current state, and roadmap. Focuses on people, process, and data accuracy.
- High-priority CMMS focused deployment of policies, procedures, process (implementation), testing ability, and integration
- Initiate risk control flows
- Operationalize technology integration and risk context
- Identify resource requirements for program capability and maturity
- Initiate control roles, responsibilities, and stakeholder sharing requirements
Platform Selection, Implementation, Integration, & Staffing
IoMT Security Platforms
IoMT Selection, implementation, integrations, and staffing
- Selection: Align business requirements, strategic imperatives, and budget considerations
- Implementation and Integration: Operationalize selected technology platform for visibility, risk, and utilization outcomes
- Subject Matter Expertise: Staff augmentation and training to fill program gaps or priorities
Platform Selection, Implementation, Integration, & Staffing
CMMS Platforms
CMMS Selection, implementation, integrations, and staffing
- Selection: Align business requirements, strategic imperatives, and budget considerations
- Implementation and Integration: Operationalize selected technology platform for visibility, risk, and utilization outcomes
- Subject Matter Expertise: Staff augmentation and training to fill program gaps or priorities
Strategic Services
Vulnerability Management - IoMT (Medical Devices) & Operational Technologies
Provides MDSP administration, Vulnerability output prioritization and corrective action planning supported by minimal VM specific workflow development minimal remediation oversight to client mitigation/remediation teams. May include staff augmentation for VM and CVE acknowledgement and assessment within MDSP
- Vulnerability Program engineers and analysts
- Continuous Risk Contextualization and Prioritization Activity
- Incident Response Coordination
Strategic Services
Patch Management - IoMT (Medical Devices) & Operational Technologies
Provides standard windows OS device patch management strategy (WSUS) and hardware, configuration and support requirements
- High-priority patch management augmentation
- PM/CM workflow management for patching support
- Reconciliation and data clean up expertise
Strategic Services
Segmentation Analysis, Planning & Design
Trusted visibility can inform effective segmentation approaches that can greatly improve the risk posture in the environment of care. The strategy behind your segmentation approach must account for a multitude of risk profiles, unique workloads, controls and dynamic processes. Clinical and operational technologies are more challenging to segment than traditional IT assets, requiring efficient harmony of tools, personnel, policy, and clinical context. Zero-trust approaches must be carefully assessed in the environment of care with a variety of stakeholders.
- First Health are experts in assessing current state segmentation
- Leading practice on how visibility tools inform and integrate with your segmentation approach
- Experts in planning, operationalizing, and maintaining a robust segmentation strategy
