I recently had one of those conversations that reminded me why I love working at ORDR. I was talking with Smitty from Emplify Health about how they tackled one of the toughest problems in healthcare security: protecting 100,000 devices — many of them unmanaged, managed by vendors, or completely outside the purview of their existing tools.
You know the feeling, right? You’ve got medical pumps, imaging equipment, HVAC systems, and vendor-managed devices that can’t run endpoint agents. They’re critical to patient care, but from a security perspective, they might as well be ghosts. Emplify Health was grappling with this exact problem until they flipped their approach.
The usual strategy of installing agents, running scans, and maintaining spreadsheets simply doesn’t work in healthcare. When devices support patient care, you can’t disrupt them. When they’re vendor-owned or running ancient OSs, you can’t install anything on them. The result? Massive blind spots.
Here’s what Smitty and Emplify Health taught me, that visibility alone isn’t the goal. It’s what you do with that visibility that matters. Because ultimately, the goal isn’t just to see everything. It’s to segment the systems that keep your operations running and your patients safe.
Why segmentation is hard—and why visibility makes it possible
Let’s be honest — 100,000 endpoints sounds overwhelming because it is. But here’s what struck me about Emplify Health’s situation: it wasn’t really about the sheer number of devices. The real problem was that traditional security thinking just doesn’t work in healthcare.
Think about it. In most IT environments, you can install endpoint agents, run scans, and get decent visibility. But in healthcare? You’ve got life-critical devices that can’t be touched, vendor contracts that prevent agent installation, and legacy equipment running operating systems from the Stone Age. Manual inventories and spreadsheets aren’t just always outdated — they’re not helpful when it comes to taking security actions.
Smitty put it perfectly: “You can’t secure what you can’t see.” But the real shift came when Emplify Health stopped treating visibility as the end goal — and started using it as a launchpad.
Lesson 1: Visibility Is Strategy, Not Just Inventory
Here’s where Emplify Health’s approach got interesting. Instead of thinking about device discovery as an inventory problem, they treated it as a strategic security foundation.
They took advantage of ORDR’s machine learning-powered profiling that delivered three game-changing insights:
- A complete, real-time picture of every connected device, including those without agents
- Context-rich identifiers like device type, manufacturer, and communication flows that reveal how devices interact and where boundaries should exist
- Instant visibility into affected assets during FDA recalls or security incidents—what they are, where they are, and how many are in use
But here’s why this matters to you: When that next ICS advisory drops, or when the FDA issues a recall for medical devices, you need to answer three critical questions in seconds, not days: “Do we have it? Where is it? How many?”
Emplify Health went from manual searches through spreadsheets to getting these answers instantly. That’s not just operational efficiency — that’s the difference between containing a threat and watching it spread across your network.
Lesson 2: Behavior Beats Cataloging
This is where the conversation with Smitty really clicked for me. Most organizations focus on cataloging what devices they have. Emplify Health figured out that understanding what devices are doing is way more valuable.
Their high-fidelity profiling revealed not just what was connected, but how each device behaved on the network. This behavioral intelligence enabled them to:
- Instantly assess exposure to new threats by manufacturer or device type
- Get single-pane-of-glass visibility for confident decision-making
- Respond to threats in minutes instead of scrambling through multiple systems
Here’s the mindset shift: Stop thinking “what do we have” and start thinking “what is everything doing.” When you can see device behavior, you move from reactive to proactive security. You spot problems before they become incidents.
Lesson 3: Agentless Doesn’t Mean Helpless
This lesson hit close to home because I see so many healthcare organizations throw up their hands when it comes to agentless devices. “We can’t scan it, we can’t install anything on it, so we just have to hope for the best.”
Smitty showed me how Emplify Health flipped this script entirely. They couldn’t use traditional vulnerability scanning — it would disrupt patient care. So they got creative:
Software-layer profiling let them understand operating systems and applications without disrupting operations. Comprehensive correlation went beyond standard CVE databases to include FDA recalls and medical device alerts. Communication monitoring detected risky connections to prohibited URLs or malicious domains.
The result? Even vendor-managed devices with strict contract restrictions became visible. They could see what operating system was running, monitor who was remoting in for maintenance, and track external communications.
Here’s what this means for you: Those “unmanageable” devices aren’t actually unmanageable. You just need a different approach than traditional IT security tools.
Lesson 4: Visibility Enables Real Segmentation
Network segmentation with 100,000 endpoints sounds impossible, right? That’s exactly what Emplify Health thought until they realized something crucial: you can’t effectively segment what you can’t see and understand.
All that device visibility and behavioral intelligence they’d built? It became the foundation for actually manageable segmentation. Instead of attempting a massive overhaul, they started with their most vulnerable systems — medical imaging devices running outdated operating systems. They used their real-time monitoring to visualize device communications and build segmentation policies that actually worked.
Here’s the beautiful part: early wins created momentum. Clinical engineering and networking teams saw tangible benefits and became eager to segment more devices. What seemed overwhelming became a collaborative effort that made everyone’s job easier.
As Smitty put it, “I equate my segmentation to eating an elephant. You got to pick a place and take a bite.” Pick your biggest pain points, prove the concept works, and let success build on success. But none of it would have been possible without that foundational visibility into what devices were actually doing on their network.
The Real Transformation
What impressed me most about Emplify Health’s journey wasn’t just how they use ORDR — it was how they changed their entire security operation. They went from reactive scrambling to proactive management. From spreadsheet hunting to instant answers. From overwhelming complexity to manageable, collaborative security.
But here’s the thing: this transformation didn’t happen because they bought better tools. It happened because they changed how they thought about device security in healthcare environments.
Want the Full Story?
This conversation with Smitty was just the tip of the iceberg. We dove deep into the details of their segmentation journey, talked through implementation challenges, and covered questions from other healthcare IT leaders facing similar problems with securing complex networks.
If these lessons resonate with your situation, even if you’re not in healthcare, you should definitely check out our full webinar conversation. Smitty breaks down Emplify Health’s entire transformation — from gaining device visibility to building effective segmentation strategies — and answers real questions from healthcare security professionals just like you. Watch here: “Securing the Unseen: How Emplify Health Eliminated Agentless Blind Spots and Strengthened Segmentation”
Trust me, it’s worth the hour. Smitty’s insights could save you months of trial and error — and probably a few headaches along the way.
Interested in
Learning More?
Subscribe today to stay informed and get
regular updates from ORDR Cloud
