
Healthcare IoT security buyers shift focus from tools to measurable outcomes

Care organizations are increasingly scrutinizing IoT security platforms while examining reliability, integration and automation more closely, according to a KLAS Research report.
By Nathan Eddy

Healthcare organizations are placing closer scrutiny on internet of things security platforms as connected medical devices become more central to patient care and hospital operations, according to a KLAS Research report.

As hospitals continue to add networked clinical devices, building systems and operational technologies, security teams face growing pressures to maintain real-time visibility into device activity while reducing manual workload and alert fatigue.

As a result, hospitals are increasingly evaluating healthcare IoT security vendors based on measurable outcomes, including faster risk remediation, stronger actionability and effective integration with broader security workflows.

The KLAS analysis evaluates vendors, including Armis, Asimily, Axonius (formerly Cynerio), Claroty, Forescout Technologies, ORDR and Palo Alto Networks. While approaches and maturity levels vary, the report finds that no vendor has fully met customer expectations.

Comprehensive asset visibility remains the foundation of healthcare IoT security, but basic discovery is no longer sufficient.

Organizations want richer context, such as accurate device classification, consistent tagging and clear ownership mapping, to enable faster response when risks emerge. Data inconsistency and false positives continue to erode trust in some platforms.

"Meaningful visibility means being able to create action from the information that you are seeing," Jennifer Hickenlooper, senior insights director at KLAS and co-author of the report, told MobiHealthNews.

This includes prioritizing the assets organizations find on the network so they know where to focus remediation efforts and can identify their risks, not just identifying their assets and knowing that they exist.

The report noted integration is another key challenge. Although most vendors offer connections to security information and event management (SIEM) and network detection and response (NDR) tools, customers report difficulties operationalizing those integrations.

Hickenlooper said that tight integration between healthcare IoT security platforms and core security tools (SIEM, NDR, NAC, CMMS, ServiceNow) is seen as increasingly essential.

Weak connections can limit correlation, increase alert noise and reduce the value of existing security investments.

"When integrations work well, IoMT visibility becomes actionable, trusted and scalable," she said. "When they don’t, visibility degrades into manual work, data trust erodes, response workflows slow down and infrastructure teams resist further deployment."

THE LARGER TREND

The KLAS report highlights that healthcare IoT security is entering a more mature phase, where buyers expect platforms to deliver tangible outcomes rather than point solutions.

Vendors that can combine strong visibility, reliable integration and practical automation are likely to gain traction, with healthcare IT and security leaders seeking to reduce risk without adding complexity.

"AI and full automation capabilities are still early in this space but seen as promising," Hickenlooper said.

She relayed that while customers are optimistic about the future, there is still a lot of development needed to drive outcomes around reducing alert fatigue and speeding up remediation.

"AI and full automation capabilities would be the most top of mind, along with vendors that are able to figure out how to better automate remediation in the future," Hickenlooper said.

Industry leaders also recommend cybersecurity policies align closely with broader strategic objectives, a process that depends on relationship building and trust across the organization.