Ordr Recognized in Gartner Market Guide for CPS Protection Platform Read more here!

It has become painfully obvious that medical device manufacturers (MDMs) can’t keep up with the ever-expanding list of discovered vulnerabilities affecting the equipment they make and ship to market. Security researchers recently published a report claiming that as many as 75% of 200,000 devices reviewed have security flaws that make them vulnerable to exploitation by threat actors. More than half of those had multiple vulnerabilities, including many that have been known since at least 2019.

Healthcare delivery organizations (HDOs) like hospitals, urgent care clinics, private practices, and more have taken note. And while they rely on the capabilities that connected medical devices provide to deliver a superior quality of treatment, they also recognize that they can’t count on MDMs to address vulnerabilities promptly. Flaws in operating systems and software used to create the devices may include vulnerabilities that aren’t discovered until long after equipment is put in service. And once in service, it may be difficult to patch devices because they are in use providing critical care.

A Bad Time for Healthcare Security

These findings could not come at a worse time for the healthcare industry, which is already besieged by risk. In another recent report, security researchers found that the industrial control systems and other network-connected systems—devices comprising the internet of things (IoT), operational technologies (OT), and the internet of medical things (IoMT)—used in hospital and healthcare environments had seen a 110% increase in vulnerabilities since 2019. And that was before cybercriminals took advantage of the chaos brought on by the Covid-19 pandemic, increasing cyberattacks on healthcare organizations by 55%, along with an expected spike in attacks associated with the war in Eastern Europe.

This dilemma has necessitated a need to find alternative methods to ensure vulnerable medical devices, critical to the treatment of patients, are secured from threats and that the organizations and patients that rely on them are protected. Rather than wait for fixes, organizations have learned that they can take action now to execute security policies capable of segmenting at-risk devices on the network, allowing them to remain in services, and ensuring only the communication necessary for the device to function are allowed.

See. Know. Secure.

The process of isolating medical devices through network segmentation sounds simple, but it is not. Many MDMs lack complete knowledge of how, once deployed, their devices communicate within their respective hospital networks. The communication patterns, although similar, are not the same even for devices that have similar functions. At the same time, HDOs often lack the tools necessary to understand what devices they have and how they work in every given environment. They may not even know how many devices they have operating on their networks as our own research has shown a visibility gap of as large as 30%.

This has created a market for tools that can passively identify devices and automate the process of segmentation, while ensuring medical devices can continue to function correctly. Ordr is one such tool. Ordr is able to scan a hospital’s network and detect and identify all the devices that are connected and operational, providing full visibility of the organization’s complete asset inventory. That includes not only connected medical devices, but building controls, vending machines, exercise equipment, and even consumer-grade devices that may be in use.

Take Action to Mitigate Risk

Once all devices have been identified and inventoried, they are monitored and compared against a baseline of expected activity. This is done either because a certain device is already known to Ordr, or operations are established through use. Because medical devices must operate within narrow parameters, anomalies are easier to identify. Ordr can then apply security policies that keep medical devices on secure VLANs, isolated from other systems. Should an attack occur, automated response ensures that mission critical systems are kept out of harm’s way, limiting an attack’s “blast radius” within the connected environment.

If your organization is concerned over its potential risk exposure due to the use of vulnerable medical equipment, or if you need to take steps to fortify your network against the increasing threat of cyberattacks, get in touch with us. Many of the world’s most respected healthcare providers trust Ordr to protect their networks, patients, and reputations from the effects of a cyberattack. We can help you, too.


As Ordr has gained momentum over the years, the breadth and depth of our data lake have exponentially grown, with more customers adopting Ordr and extending our solution to protect more parts of their environments. More customers and more departments of each customer’s environment mean more devices, which means more data being ingested to our platform. The growth of our data lake can also be attributed to more external inputs as we increasingly take in new sources of device context data to provide deeper insights and help our customers understand risk.

The rate of data growth we have seen creates unique challenges on the visualization side. Recently we paused to think about how our solution could better organize and present vast amounts of rich analytical data in a way that is both accessible and valuable for our users. It is truly an art indeed on how to balance the desire for simplicity with the appetite for the rich context that goes with it.

As our user base expands to new roles and personas, the product must adapt to different outcomes relevant to each user. Each user’s level of expertise and area of interest may vary, and workflows must cater to these users seamlessly. A product must meet the needs of different roles without the need to fork and build a dedicated version to satisfy the diverse needs of each user. A daunting task is less often discussed but is nevertheless critical to maximizing value for users.

With full awareness of our challenge, we set off to radically improve how we present our ever-increasing data in the most impactful, simple way to our expanding universe of users.

The Approach

As part of our product design process, we decided on an iterative approach called “design thinking,” a process defined as:

A bottom-up, non-linear, team-based iterative process that seeks to understand and empathize with users deeply, challenge existing assumptions, redefine problems, and brainstorm innovative solutions to prototype and test with customers.

Design thinking gave us a framework of 5 stages that include:

Empathize > Define > Ideate > Prototype > Test

With the design thinking framework, we set up a series of workshops and enrolled a range of users from our customers and prospects representing a variety of user roles to provide us both depth and breadth of insights and feedback we needed to collect requirements.

We started the process by asking our users the simple question:

How can we design a better user experience to make the data we provide in Ordr simple to understand and valuable for you and your role?

Some of the key requirements we heard from our design partners included:

  • Organize information to fit my role and help me filter out the noise so I can focus on the information I need.
  • Surface insights most relevant to my role and make them clear. Insights are the road signs that help me make decisions as I look at data.
  • Allow me to “shape” and organize data to fit my needs in a fast and fluid way.
  • Help me maintain the context of my data so I don’t “lose my place” as I move around the application.
  • Let me see different views so I can analyze data from different perspectives and uncover insights that might otherwise be missed.
  • Prioritize content over color to me understand the structure of my data without unnecessary visual distractions.

The New Model Emerges

A key takeaway from the workshops was understanding that one user’s noise is often another user’s signal. It was clear that the new model needed to present data in a simple, customizable way without sacrificing the impact or richness of the data.

A query language approach is a good option, but it could not address the signal-to-noise problem without impacting other user requirements we had gathered during the workshops. For a query language approach to be successful, a user needs to know what they’re looking for and needs to become proficient in the new syntax and semantics of the language. This impacts adoption and time to value – two things we were not willing to sacrifice.

Our analytics engine is rooted in the foundational principle of surfacing a constant stream of prioritized insights in real-time vs. waiting for a user to “ask” for data using a query. In our view, the solution would come from a comprehensive understanding of the intersection between increasing data richness and a variety of UI/UX information retrieval approaches working together to achieve the desired result.

Pillars of the Model

From our learnings in the workshops, we defined the following seven pillars that guided the design of the UI/UX presentation model.

PILLAR 1 – Create a clear consolidated experience for each role

Our users have distinct roles, backgrounds, traits, abilities, and dispositions. We expect this diversity will continue to expand and increase in complexity.

Scoping data coming into the UI based on a user role allows us to reduce the less relevant data (noise) and deliver a clean baseline of data (signal) for each user. With this in mind, we established a persona-based user experience, which requires filtering data from the data lake for a specific role and persona.

Persona-based filtering is easier said than done. The whole platform needs to run dynamic queries in the backend to customize itself on the fly. For example:

  • An inventory and asset management workflow requires data on devices and relevant vulnerabilities.
  • A security incident response workflow requires data on the latest alarms across all assets.
  • A forensics workflow requires data on traffic flows and patterns.

For example, we designed a user role for Healthcare Technology Management (HTM) that switches the entire UI dashboard and shows only data relevant to their role and daily workflow needs.

The UI adapts to these wildly diverse use cases and data requirements while catering to each user’s role.

PILLAR 2 – Provide each user with contextual insights

Insights offer users top-level guidance like a road sign to separate the signal from the noise. Our model uses computationally intensive methods to surface insights in real-time, tailored explicitly for each role.

Each user requires a different dashboard and depth of context for the workflow they are interested in to be presented as top-level data.

PILLAR 3 – Allow each user to shape data relevant to their role

Data Shaping controls the scope of data allowing each user to either explore data or “set and forget” a view for specific workflows. Data Shaping reduces clutter by reducing the number of devices displayed, making it easier to slice and dice the data more cleanly.

For example, in our system, setting the data shaper to a specific location only shows the devices in that location and associated data. Whether the user is in a sub-section of the product or moving across the hundreds of panels, they see only data relevant to that location.

Another example is a radiology technician using the shaper to focus on radiology-related devices. The entire product today customizes itself to radiology devices across all panels and screens. That radiology technician can now work on security, traffic analytics, vulnerability management, risk management, or policy provisioning without being shown the “noise” created by other non-radiology devices.

PILLAR 4 – Enable context-aware search across the entire UI

When the data set accumulates over time into several terabytes, launching a generic search that takes more processing time to respond back after several seconds does not usually present a good user experience. But tailoring the search function to each panel where the user is currently focused on reduces the data set to search and narrowing search parameters resulting in faster query time as well as better user experience.

As an example, in each table and each panel, search parameters differ as follows:

  • Device detail table provides a search function on thousands of device attributes.
  • The security alarm panel provides a search capability using alarm categories as parameters.
  • The traffic analytics panel provides a search capability related to traffic/flow parameters.
  • The application panel provides a search based on destination URL or application protocol details like port numbers.
  • Search enabled in every column of a table with parameters within that column for further quick deep dive of data.

Implementing context-aware search in each panel when there are hundreds of panels is a huge undertaking. But now that it is designed in, it is well worth the effort to minimize complexity for the user.

PILLAR 5 – Allow users to easily share findings and views

Once a user has reduced a view to a list of devices that need further action, that view, including the entire context, can be easily shared with others as a URL. Another user clicking that URL comes back to the same screen with a list of devices without having to search and filter for attributes. This is a perfect example of how context gets naturally amplified with the power of sharing. Our system today allows users to save the context at various places in the navigation workflow and share it with their colleagues.

PILLAR 6 – Allow users to enforce policies quickly without losing context

The action framework allows users to take quick action on any device, alarm, or vulnerability without losing context in the UI. For example, today with this release, a user can identify a list of vulnerable devices and move that complete list to a quarantine VLAN with a single click. Another example is too easily clear a series of alarms associated with devices that have the same make and model with one click. Invoking an action that requires multiple steps in action sequence right within the context without losing focus is critical to get workflows accomplished quickly.

PILLAR 7 – Allow users to define their own region/location for easy aggregation

Ordr gathers location information from various sources including switches, access points, and network management systems. Device location is extremely granular in Ordr and is helpful to track a device as it moves through an organization or locates a device that has gone missing. It is critical to know exactly where a device that is affected by malware/ransomware is connected in the network (switch/port or AP/SSID or VPN (Virtual Private Network) or external).

But for manageability purposes, users want to use location to view all devices in a specific region, site, or location within that site. A location means something different from user to user, so customization is critical. The need to present data based on business function was a key driver for this, and it avoids all the clutter. For example, a user responsible for the Phoenix division can use location to focus on the devices in the Phoenix location only and not have to see devices in other locations. Our ability to aggregate micro-locations into administrative regions is very well received by our customers, given the distributed nature of the various hospital chains as well as the continuous changes in organizational hierarchy due to mergers and acquisitions.

Combining the Pillars

Ordr provides users with details on over a thousand attributes for each device. Attributes include details such as device OS, software stack, vulnerabilities, where the device connects from, connection methods, what the device communicates with internally and externally, risks based on behavior, context information from various tools, and users who have logged into the device.

Ordr is indeed a complex and dynamic system with vast amounts of data and potentially limitless insights. Using all seven pillars in combination, we believe our approach dramatically improves the signal for each user and does so in the context of their specific workflows to ensure they can use our platform and insights efficiently. This platform approach also supports our quest to make the complex problem of securing every connected device simple.

We recently launched Ordr 8 Clinical Defender with persona-based workflows designed for healthcare HTM users. With this new release, we applied the pillar framework above and created a foundation for a scalable platform that will produce many persona-based workflows operating on a single customizable and robust backend data set.

We received some excellent feedback as we shared our latest release and here are some of the things we heard:

It is refreshing to work with a vendor that listens and empathizes with issues and pain points from customers. It’s exciting to see the rubber meet the road regarding suggestions and requests.

Loved what I saw in the review of new GUI.

Data shaper simplifies my current operation dramatically.

I like simplified search and its’ consistency throughout the product.

Location-based shaper is huge both for remote clinic management and for M&A (Mergers & Acquisitions) situations.

Moving forward, we will keep working with our customers and prospects as design partners in this “design thinking” framework to continually evolve our platform. In the end, it is all the constant customer feedback that makes Ordr an excellent product.

We will be back soon with more updates on how the Ordr platform continues to evolve.

In recognition of International Women’s Day, we spent some time with one of Ordr’s many talented female employees: customer success escalation engineer Pallavi Raj.

Pallavi, who began her career at Ordr as a software engineer, has been with us for what she describes as an “enriching one year and four months.” Before coming here, she earned an MS in biotechnology/bioinformatics from Georgetown University, and an MS in MIS (information systems) from the University of Colorado, Denver, Business School. Impressive educational accomplishments.

Prior to pursuing her advanced degrees, Pallavi worked as a content editor with a multi-channel health and nutrition media company responsible for managing connected TV channels like Health Smart, which sparked her interest in information technology. Then she moved on to become a portal manager and digital business operations analyst at Blue Shield of California, playing an instrumental role in launching native mobile apps for both android and iOS customers of Blue Shield.

Those hands-on experiences gave her an understanding of the many facets of technology’s influence on business, and especially in healthcare, that would come into play in her current role at Ordr.

Ordr: What drew you to a career in tech?

Pallavi Raj: As the saying goes, “A person does not gain knowledge by merely possessing an insatiable thirst for it, but by seeking for the means to quench it.” Being a staunch advocate of this philosophy, I strongly stand by the fact that, to shine in an innovative workplace, one should always aim for the perfect combination of analytical and technological proficiency, coupled with a scientific mind and leadership qualities.

Belonging to a family of software engineers, doctors, and technology entrepreneurs, I was always inclined towards being part of the technology domain. I went ahead and earned my master’s in biotechnology with a bioinformatics track from Georgetown University. This course of study exposed me to the amalgamation of biological sciences and information technology, and to the boundless data science possibilities this blend could bring.

Ordr: What was it that drew you to pursue a role at Ordr?

Pallavi: I went on to pursue another MS in information systems to gain momentum in the IT industry. This education proved extremely beneficial in comprehending cybersecurity principles, advanced networking concepts, and database management, as well as the full scope of other technology and management courses that I took during my time at University of Colorado, Denver. The degree was a blend of technical concepts with cybersecurity concentration and managerial concepts focused on business intelligence and programming.

Ordr provided me the golden opportunity to incorporate both my professional experience and academic attributes. Working at Ordr has brought me one step closer to understanding how to develop various skills that could help in harnessing the power of technology, while applying what I have learned in a highly innovative environment.

Ordr: Who has served as a mentor for you, and how have they influenced your career to date?

Pallavi: For me, mentoring means inspiring, guiding, and spearheading the right skills at the right time by the right people. Some of the influential mentors in my life have been my brother who is a senior executive at Amazon; my husband, who has a great deal of rich experience working in the technology sector; and my parents, who are doctors and professors, and have always encouraged me to be an empowered technology talent.

Ordr: How has your experience at Ordr influenced your perspective on tech?

Pallavi: Organizations face a vast array of emerging cybersecurity and vulnerability management challenges, and a higher risk of security breaches due to increased adoption of IoT and other connected devices. Ordr addresses these issues with an innovative mix of artificial intelligence and network packet analysis to support a zero-trust posture for our customers. And in addition to security, we also deliver vital extensive asset management, continuous visibility, and segmentation capabilities. Seeing this from the inside has given me a new perspective and appreciation for what’s possible with a well-designed technology framework.

Ordr: What have you learned in your time here that has surprised you?

Pallavi: One of several surprising elements of my journey at Ordr so far has been observing how the company has not only risen to become a world-class leader in healthcare security, but continues to innovate to do more. Our customers are managing hyper-connected enterprise architectures, and we support them by leveraging machine learning technology where real-time data gets generated, processed, and classified at a humongous scale.

What Ordr has achieved not only in healthcare environments, but for manufacturing, financial services, and critical infrastructure operators around the globe by discovering, identifying, and securing IoT devices against cyber threats has been an incredible learning experience for me.

Ordr: What is the biggest non-technical strength that you bring to your role as a customer success escalation engineer?

Pallavi: I have always been an advocate of expanding my versatility in different areas that can help me to foster positivity and productivity. Having recently assumed a new role here as a customer success escalation engineer, I can apply my problem-solving, self-starter, and communications skills on behalf of our customers to ensure their satisfaction. I believe my optimistic approach towards feedback, my ability to work collaboratively, and my love of lifelong learning are my biggest strengths.

Ordr: What advice would you give to yourself if you could go back to when you were in high school?

Pallavi: I would tell my younger self, “Don’t be afraid to listen to your inner self when it comes to choosing the difficult and challenging path. It might sound risky, but it will lead down a road with unique possibilities and immensely proud accomplishments.”

Ordr: What is your proudest achievement outside of the workplace?

Pallavi: I am proudest of my flexibility in transitioning from a biological background to the IT sector. Finding solutions to difficult problems has always been a strength, and my background dealing with and researching data, and having an experimental mindset, played a crucial role in changing gears for my career.

As healthcare organizations turn more and more to technology as a way to provide a higher quality of healthcare to their patients, and support skilled staff with a means of improving health outcomes for more people, healthcare technology management (HTM) professionals are finding themselves with a greater responsibility to more efficiently manage and mitigate risks from the healthcare IT estate. That is a huge task for smaller organizations, which means the tools they rely on have to be easy to deploy and use, specialized for defense of the healthcare threat landscape, and capable of reducing the burden of time-intensive tasks through automation.

Announcing Ordr Clinical Defender

That is why we just announced Ordr Clinical Defender, a tool to streamline the management of connected medical devices. Based on our advanced asset and risk management platform, and developed in cooperation with HTM professionals from some of the world’s best healthcare delivery organizations (HDOs), Ordr Clinical Defender will serve as a force multiplier for HTM teams, enabling them to more efficiently, accurately and automatically manage and protect their connected medical devices by:

  • Automating real-time asset inventory;
  • Addressing compliance by identifying missing, newly-connected, or misplaced devices;
  • Mitigating risks by identifying devices with vulnerabilities and recalls;
  • Leveraging device utilization insights to support maintenance and procurement decisions; and,
  • Accelerating remediation efforts for devices with clinical risks.

The combination of these capabilities means that healthcare organizations can reduce clinical risks by prioritizing remediation of high-risk devices. Organizations can also save millions of dollars by having a real-time inventory of devices, being able to locate missing devices, and optimizing device utilization. Those savings come by reducing the amount of time HTM personnel spend simply looking for misplaced equipment—as much as one hour per shift. Device utilization insights with Ordr Clinical Defender also mean more efficient utilization of medical equipment, and more efficient spending on the procurement of new equipment.

“In my previous role, I was an Ordr customer, benefitting from the power of the Ordr platform and actively participating in the evolution of the platform. [Ordr Clinical Defender] captures not just device information but a true lifecycle view, identifying where a device is located within the network topology and how it communicates and behaves throughout the organization. This unique lifecycle view is particularly beneficial in healthcare. The launch of the Ordr Clinical Defender will be invaluable to HTM/Biomed teams that can now more effectively manage their medical devices and clinical risks.”

—    Ken Koos, Optiv Consultant, ICS and IOT Product Security

Saving Time and Money

Research has found that there is a discrepancy of between 15-20% between assets registered in an organization’s computerized maintenance management system (CMMS) and devices actually deployed on an organization’s network. That results in inefficient decision making that can impact patient care, and it can also result in the unnecessary purchase of expensive new equipment simply because existing assets are not accounted for by HTM teams.

This lack of visibility increases an organization’s risk and compliance profile because devices operating beyond the visibility of HTM and IT personnel are unprotected and vulnerable to attack. And if a device known to contain a patient’s protected health information (PHI) goes missing, that could constitute a costly data breach. According to the most recent Ponemon-IBM Cost of a Data Breach Report, healthcare organizations incurred an average $9.23 million loss per incident. That figure is by-far the highest of any industry, and more than twice the overall average of $4.24 million.

Developed with HTM Experts, for HTM Professionals

Ordr Clinical Defender was developed with a number of capabilities designed to support the needs of healthcare organizations. Some of these include device-specific reporting and analytics, real-time asset discovery and inventory, automated CMMS data updating, identification of vulnerable clinical equipment, device usage reporting and analytics, guest network monitoring, and management features that facilitate patching, maintenance, and alerts whenever medical devices with PHI have not been seen on the network for more than 60 days.

Ordr Clinical Defender is the product of a collaborative partnership with some of the world’s leading healthcare organizations to develop and deliver a simplified product optimized for the needs of HTM professionals. And because it was developed in cooperation with HTM experts, it has everything HTM and clinical engineering teams need, and no unnecessary extras that might complicate operations. Ordr Clinical Defender means HTM teams have the power of efficient, accurate, and automated medical device management at their fingertips.