Healthcare IoT Cybersecurity: Disruptive Trends that Will Change the Narrative in 2020

Jonathan Langer

Jonathan Langer

Jan 3


It’s said that the truth passes through three stages: First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as self-evident. Based on how freely risk capital continues to flow into our solution market, it would seem the investment bankers believe that the IoT cybersecurity vendors are already in the homestretch. I respectfully disagree. Although a few of us are well out of the gates, I think the race has just begun.

In healthcare, where the IoT solution market is especially hot for a number of pressing reasons, the traditional technology adoption curve is holding relatively true to form. And I don’t expect much compression in 2020 until the current lens through which cybersecurity is viewed expands beyond Information Technology (IT) and specialized network security offices. Put another way, healthcare’s “not invented here” naysayers will not change their tune under the decision-weight of the market’s early adopters. Rather, they will continue to wait for evidence of a business case that can be monetized. With that in mind, here’s my first prediction for 2020:

Health Systems will begin to discover that cybersecurity can be monetized.

  • Reluctant CISOs will feel the pressure to investigate use-cases that directly impact the bottom-line-driven interests of non-traditional, cross functional teams.

Unlike other disruptive technologies that require significant change management, IoT cybersecurity solutions will be acknowledged as easy to implement. But here’s the bigger point: Beyond addressing IoT cybersecurity, leading solutions will be recognized for their additional data benefits and how easily these benefits can be consumed by other existing systems to enhance other existing practice/workflows. In healthcare, where digitization is low relative to other industries, Medigate is producing and pushing these data to drive improvements across the healthcare enterprise (e.g. IT, BioMed, Clinical Engineering, Supply Chain and Finance). And that leads me to a related second prediction:

Discussions about CISO tenure and debates about “the evolving role of the CISO” will settle.

  • Discussions surrounding “the evolving CISO role” will settle around expanding practice definitions that encompass far broader and strategic responsibility-sets. CISO thought leaders have the opportunity to change the narrative, and they will start to do it by showing cross functional leadership.

Risk avoidance will be denounced in favor of more clinically integrated and proactive approaches to risk reduction that begin to embrace the inputs of non-traditional stakeholders. The “monetization narrative” will resonate with BODs and CISO 2021 budgets will see meaningful improvements. Traditional staff hiring ratios (e.g. 1 person per 1,000 employees) will give way to more rational numbers reflective of the CISO’s opportunity to directly impact operating performance. These developments will lead to another more subtle prediction:

MSSP models will rationalize and new, hybrid MSSP-like offerings will emerge.

  • Medigate’s market leading footprint and deepening manufacturer relationships are creating leverage for specialized offerings centered on community sourced security intelligence.

Although MSSPs have traditionally provided stop-gap solutions to smaller to mid-sized health systems, demand for newly emerging services will quickly develop among the nation’s largest IDNs. Simply put, services based on community-sourced intelligence will become more accessible, trusted and adopted by CISOs for a number of budget and resource-driven reasons.

This article began by citing an old axiom about the three phases of truth. Although my subsequent reference to the technology adoption curve was not explicitly correlated, there is little question that these cycles are, in fact, directly related. Because similar claims being made by a now crowded group of IoT cybersecurity solution vendors have already resulted in “pitch fatigue,” solution evaluators in 2020 will nevertheless figure things out, meaning they will re-sequence Network Access Control (NAC), firewalling and network segmentation projects based on the enabling visibility provided by leading cybersecurity solution providers. At a minimum, they will learn the value of picking the right partner, how to rank the promises being made and work more effectively to find the vendors who are actually keeping them. Naturally, I predict they will find and select Medigate!

Happy New Year,
Jonathan Langer, Medigate CEO and co-founder