The past two years have been extremely challenging for healthcare providers. The pandemic thrust healthcare providers into an unprecedented period of transformation. It increased the importance of asset management as medical devices were mobilized and rapidly deployed to deal with the surge of patients. This was followed by the hybrid workforce trend and telemedicine adoption that extended the caregiving environment (and devices) beyond traditional hospital walls. At the same time, cyberattacks like ransomware increased in frequency and severity, reverting many hospitals to pen and paper and disrupting patient care.

The modern healthcare environment now must support the proliferation of connected medical devices that are critical to patient care and operations. Healthcare providers monitor these devices continuously and keep them functioning efficiently but must also protect them against cyberattacks.

Addressing Healthcare Provider Challenges

When Ordr and GE HealthCare first began collaborating, we spoke to several Biomedical & Healthcare Technology Management (HTM) and Security teams about the top challenges they were facing.

From these conversations, we learned there is untapped potential in optimizing healthcare networks with real-time data to improve clinical productivity, enable equipment uptime, simplify troubleshooting, and maximize the utilization of clinical assets. With hospital funding challenges and workforce turnover, the more efficient biomedical and HTM teams can be, and the fewer manual processes they have, the happier they will be.

Here are some of the challenges Biomed and Clinical Engineering teams are facing and how we are helping them:

  • Locating devices and understanding utilization: Biomedical engineering and HTM teams can spend more than an hour per person per shift locating devices and patient data modules in the hospital. Often, once they finally locate the devices, they discover that the devices are in use and cannot be serviced, patched or updated. Our new service offering helps eliminate this costly inefficiency, giving biomed and HTM teams access to connectivity (physical or network) and near real-time utilization details for every device. They can locate specific devices for maintenance or troubleshooting, including GE HealthCare patient data modules and the bedside monitors to which they are connected.
  • Visibility into devices and flows: Manual processes to discover and manage device fleets can be inefficient. With this service, biomed and HTM teams will benefit from automated discovery and classification of devices, visibility into device flows and connectivity, and accurate, near real-time device data that can integrate into their existing CMMS. This reduces the need for biomed and HTM teams to perform the labor-intensive and error-prone task of walking around hospitals trying to identify devices, their serial numbers and where they are connected. Behavior anomaly alerting on traffic flows can help identify compliance issues such as medical devices moving to the guest VLAN.
  • Monitoring and troubleshooting intermittent outages: Biomed and HTM teams may not be aware of devices impacted by communications or performance issues until it’s too late. When medical devices are impacted by downtime, clinical workflows suffer. Essentially, clinicians’ ability to provide quality care is compromised if they are unable to use these devices or access the information they need to do their jobs and treat their patients. As part of the Ordr and GE HealthCare service offering, we have developed new application and network monitoring functionality for the CARESCAPE network. Healthcare systems can proactively identify issues before they impact clinical care. An early “diagnosis” of potential issues, along with granular insights for troubleshooting, can eliminate major failures, decrease downtime, and lower service costs.
  • Vulnerability management: When new vulnerabilities are published by manufacturers or software providers, it can take a great deal of time for healthcare providers to determine which of their devices are impacted, slowing their response time. Lack of accurate device data (OS, software version, etc.) can make it difficult to assess risk and identify devices with vulnerabilities. Our service offering enables hospital security and biomed/HTM teams to identify and focus on specific vulnerabilities affecting clinical assets under their management, prioritize vulnerabilities with Clinical Risk Scores, and self-manage the remediation process with simplified workflows and custom tags.

Why Ordr and GE HealthCare Collaboration

“Empowering Biomedical Technicians, Clinical Engineers, and Hospital IT with easy-to-use tools aimed at improving self-managed network security, productivity, and equipment uptime is key to enhancing critical patient care,” said Alla K. Woodson, GE Healthcare’s Global GM, Patient Care Solutions – Services & Consumables. “This network performance and security solution brings together the technology and scale of our two organizations to help ensure that our customers have visibility and access to actionable insights.”

“Hospitals and healthcare facilities rely on GE Healthcare’s CARESCAPE networks to host critical patient care devices, it is of the utmost importance that these networks – and everything connected to them – remain secure and operating at peak efficiency,” added Jim Hyman, CEO of Ordr. “The deep integration of the Ordr platform with the GE Healthcare CARESCAPE network will help give healthcare organizations comprehensive clinical asset visibility, security and performance capabilities they need to optimize and protect their environment of care.”

GE HealthCare’s Service Offering for CARESCAPE patient monitoring networks, which harnesses the power of the Ordr platform, will be available early this year. For more details on the offering, contact info@ordr.net.


It’s a new year, and with so much uncertainty, seven of Ordr’s executives and subject matter experts offer ironclad predictions for what to expect in connected device security in 2023.

Bryan Gillson – Head of Vertical Market Strategy

As a result of the convergence of information technology (IT) and operational technology (OT) and expanding connectivity of once isolated industrial infrastructure, there will be a notable increase in attacks targeting OT. Ransomware, cyberterrorism, and other attacks will be the unfortunate result and critical infrastructure environments will be a primary target.

OT like industrial control systems (ICS), supervisory control and data acquisition (SCADA), and similar equipment was once protected by air-gapping their networks from traditional IT and the internet (the Purdue Enterprise Reference Architecture, or Purdue Method). However, as trends like remote supervision, automation, and digital supply chain management have taken hold, greater levels of connectivity have opened those once isolated environments—including legacy systems running obsolete, unsupported, and unsecure equipment—putting them in reach of threat actors who have proven themselves all too willing to take advantage of any vulnerability, and any type of organization.

Jim Hyman – CEO

CISOs and cybersecurity champions inside more organizations will see a sharp increase in support as corporate boards bring in cybersecurity expertise. When the U.S. Federal Trade Commission (FTC) issued guidance last year putting corporate boards on notice that “data security begins with the Board of Directors,” it added fuel to a process that had been slowly gaining momentum in recent years by elevating the issue of cybersecurity within corporate governance. In 2023 that process will translate to meaningful support for security initiatives, including budgets and staffing.

Similarly, in 2023 more organizations will be held to account for their lax security programs and we can expect to see greater attention given to the issue of cybersecurity by federal legislators. Lawmakers are growing impatient with corporate inaction even as threats begin to affect individuals amid attacks on critical infrastructure, including hospitals. As Senator Ron Wyden told MIT Technology Review, “There’s a tendency to hype the capabilities of the hackers responsible for major cybersecurity incidents, practically to the level of a natural disaster or other so-called acts of God. That conveniently absolves the hacked organizations, their leaders, and government agencies of any responsibility.”

Kahil Thomas – Regional Sales Manager, Healthcare

Inventory tools like configuration management databases (CMDBs) and computerized maintenance management systems (CMMSs) will play an increasingly critical role in cybersecurity as the number of connected devices continues to soar and organizations turn to automated solutions to scale security efforts. The importance of these tools, in turn, will prioritize the need to automate the collection of asset details, aggregate data from multiple sources, and ensure accurate, real-time information.

Gartner has identified the expansion of cyber-physical systems, including IoT and other connected devices, as a major risk for organizations that fail to account for all assets across their environment. Human effort alone is not capable of keeping up with the growth of connected devices and that is why automation is essential to all cybersecurity related tools.

Gnanaprakasam Pandian – co-founder and Chief Product Officer

In 2023, organizations will finally have a single, unified asset knowledgebase for cyber security. This is essential to achieving and maintaining a Zero Trust security posture that spans IT, OT, and IoT. That is because maximizing protection demands there be no blind spots; and gaining a unified view of all connected assets, along with their essential business context, is foundational for cyber security today. That capability represents the keys to the cybersecurity kingdom, and it will be available to most organizations in 2023. Many organizations (but not all) will embrace it.

Also, the era of proactive protection using behavioral models will finally displace the era of reactive remediation. This will relieve a tremendous burden from security teams that currently spend an enormous amount of energy on reactive remediation and allow them to apply their skills to other areas of security, like optimization, automation, and forensics. Effective security means knowing what a device does much more than what the device is. Hence, behavioral modeling of devices will form the foundation of threat detection and automated response.

Darrel Kesti – VP of Sales

Healthcare will see an increase in mergers and acquisition activity in 2023 as a result of the financial toll on the industry since early 2020, including effects related to both the pandemic and a sharp increase in costly cyberattacks. Smaller and independent hospitals, clinics, and related service providers that are no longer able to deliver a high quality of care will see some operations shut down while others will be absorbed by larger providers, extending their reach and expanding their market footprint. But because many smaller healthcare organizations have been targeted relentlessly by threat actors, acquiring organizations must be careful to conduct thorough due diligence to determine if any threats exist before merging IT estates.

We will also continue to see an increase in cyber insurance premiums and coverage limitations in 2023 across healthcare and all other industries. As a result of the growing number of claims and increasing scrutiny, cyber insurance providers will demand greater documentation of essential security controls and will refine their audits and reviews to verify adequate security measures are in place, paying close attention to the complete 3PT (People, Process, Policy, and Technology) elements of security programs to reduce their risks.

Bryan Wallace – Head of Partner Sales

Network administration teams will be squeezed between being short-staffed due to a tight labor market and tightening budgets even as security requirements and expectations increase in the coming year. Trends toward network segmentation, Zero Trust implementation, and complete cyber asset attack surface management (CAASM), among other network-centric security priorities, will push organizations toward adopting new tools to simplify the definition and implementation of rigorous security policies (e.g., firewall, NAC, switch ACLs) and that allow teams to do more with less.

Similarly, both security and network teams will require a unified view of inventory and risks across IT, OT, and IoT assets as connectivity between industrial and administrative networks continues to expand. The blending of these environments will increase complexity and risk, while making security and IT operations management impossible without the right (automated) tools.

Paul Davis – VP of Customer Success

Cyberattacks targeting the healthcare industry will continue to increase, driving legislation at the state and federal level in the U.S., and abroad, while also prompting the industry to adopt stricter security standards on its own. In response, healthcare organizations will look for ways to generate efficiencies for security in what are often complex organizations.

With the overlap between traditional IT security teams and biomed/clinical engineering becoming more apparent, there will be pressure to adopt monitoring and security management tools that address requirements across the teams in 2023. The goal of these efforts is to improve visibility of the attack surface and response to threats while providing a more consistent and effective way of communicating security risk across the whole organization.