Announcing Axonius for Healthcare: Security starts inside the network

Julissa Caraballo
Principal Product Marketing Manager, Axonius

Healthcare has entered a new era, one defined by hyper-connectivity, digital transformation, and rising cyber risk. Every patient interaction, every connected monitor, and every automated process now depends on a vast web of medical, IoT, and operational technology (OT) devices. But as hospitals modernize, their attack surface grows faster than their ability to secure it.
That’s why we’re proud to introduce Axonius for Healthcare today at CTRL/ACT, a purpose-built solution that extends the power of the Axonius platform into one of the most complex and critical sectors in the world.
Stemming from our recent acquisition of Cynerio, Axonius for Healthcare unifies visibility, context, and control across every connected medical device, helping hospitals see and secure the devices that keep care running. Through passive discovery, deep device fingerprinting, and automated action, it gives healthcare organizations the clarity to identify every asset, understand its risk, and respond confidently without disrupting patient safety.
The Axonius for Healthcare integration with the Axonius Asset Cloud is focused on asset discovery and risk visibility, laying the groundwork for deeper functionality like remediation and enforcement coming in future releases.
Phase 1 introduces:
- Passive asset discovery of every connected medical, IoT, and OT device, without disrupting care delivery.
- Vulnerability and misconfiguration detection, surfacing weak credentials, open ports, or abnormal behavior.
- Leverages Axonius’ industry-leading integrations while expanding coverage for healthcare environments through CMMS integrations such as Medimizer, e-Quip, and Medusa.
- New medical device and IoT/OT dashboards, providing out-of-the-box visibility by device type, manufacturer, and risk level.
- Location mapping, showing where each device connects within the hospital network for faster coordination between IT and Biomed teams.
This marks the first step toward complete cyber-physical visibility and control in healthcare, a foundation for proactive, patient-safe security.
The real frontline of healthcare security isn’t the perimeter. It’s the network.
Walk into any modern hospital and you’ll find a quiet, constant hum of connectivity. Monitors, infusion pumps, imaging systems, HVAC controls, and even elevators form an intricate digital ecosystem that keeps patient care running. But as healthcare embraces smarter, more connected operations, the frontline of security has shifted. It’s no longer about defending the perimeter or the EHR system. It’s about protecting the network itself, where thousands of devices now define both care delivery and risk.
For years, healthcare security programs focused primarily on safeguarding electronic health records (EHRs), endpoints, and data centers. That made sense when data theft was the main threat. But as ransomware groups and state-sponsored actors evolve, their goal has shifted from stealing data to disrupting care.
The challenge is that most hospitals still lack visibility into the devices that power their operations. A recent Cynerio and Ponemon Institute study found that more than 53% of connected medical devices in hospitals have at least one critical vulnerability, and over 70% of infusion pumps carry known risks. A 2024 Censys analysis identified thousands of imaging systems and patient monitors exposed directly to the internet through unsecured protocols like DICOM and FTP.
Each connected device represents a potential point of compromise. Many run outdated operating systems, use default or hard-coded credentials, and cannot support traditional endpoint protections, making them low-effort, high-impact targets for attackers.
Why traditional security tools fall short, and where visibility breaks down
Endpoint detection agents usually can’t be installed on medical or OT devices. Vulnerability scanners may crash life-critical systems. And while network segmentation is often recommended as a best practice, hospitals are understandably cautious about implementing it.
Without full visibility into which devices need to communicate, segmentation can inadvertently break workflows critical to patient care and operational continuity. The risk of interrupting communication between, for example, an infusion pump and its controller often outweighs the security benefit, leaving internal device traffic largely unmonitored.
These visibility gaps create ideal conditions for unnoticed movement and escalation. A compromise that starts on a single unpatched imaging workstation or even a smart TV connected to guest Wi-Fi can quietly pivot deeper into the clinical network. From there, adversaries can access file shares, identity systems, or operational controls that underpin care delivery.
The 2024 Change Healthcare ransomware attack was a stark reminder that a single compromised entry point can cascade into widespread disruption. While that incident began in application infrastructure, the same dynamic applies inside hospitals: once attackers are in, complexity and interconnectivity do the rest.
Hospitals, by design, are collaborative ecosystems, but that structure can complicate ownership and accountability. Clinical engineering, IT, and security each manage their own domains, yet no single team has end-to-end visibility. Biomedical engineers track equipment, IT manages the network, and security enforces policy. That division leaves blind spots across the environment.
Many hospitals still rely on outdated CMMS systems or spreadsheets that record asset details but omit network activity, vulnerabilities, and firmware versions. In one large U.S. health system, an internal audit found over 3,000 connected devices missing from the official inventory, a pattern that’s common across the industry.
Without unified visibility, organizations can’t measure or mitigate risk effectively. They can’t see which devices are communicating with unauthorized domains, transmitting credentials in clear text, or exposing open ports. And they can’t prioritize remediation when every alert looks the same.
What’s driving change
Despite these challenges, the industry is moving in the right direction. Several trends are reshaping how healthcare organizations approach connected-device security:
- Regulatory momentum: The FDA’s latest postmarket guidance requires manufacturers to disclose software bills of materials (SBOMs) and maintain vulnerability management programs for medical devices. Hospitals are expected to validate and enforce those controls internally.
- Zero Trust for devices: Healthcare organizations are extending Zero Trust principles beyond users and applications to include devices, treating every asset as untrusted until verified.
- Convergence of IT and biomed: Forward-looking hospitals are forming joint security councils that unite IT, InfoSec, and clinical engineering teams to share telemetry, tools, and accountability.
- Adoption of passive monitoring: Non-intrusive network monitoring and traffic analysis are replacing manual discovery and active scans, delivering real-time visibility without risking downtime.
These shifts reflect a growing recognition that patient safety and cybersecurity are inseparable.
Visibility is key to actionability
The first step to defending what you can’t see is to see it clearly. Continuous identification of every connected device, including medical, IoT, and OT, and understanding its context is now foundational to healthcare security. What it is, what it does, who owns it, and how it behaves all matter.
Once organizations achieve that level of insight, they can layer on governance, automation, and response. Network policies can be applied consistently across departments. Vulnerabilities can be prioritized by clinical impact, not just CVSS score.
And when an anomaly occurs, like a device suddenly communicating with an unrecognized external domain or transmitting unencrypted credentials, security teams can respond quickly and precisely without interrupting care.
Visibility is a discipline, not a one-time exercise. It transforms unknowns into insight and enables security programs to move from reactive to proactive.
Building a stronger frontline through visibility and collaboration
Healthcare’s frontline has changed. It’s no longer defined by firewalls or perimeter defenses, but by the networks that connect everything from life-support systems to smart lighting.
As hospitals continue to modernize, adopting AI-assisted diagnostics, remote monitoring, and connected facility management, the digital and physical worlds are merging faster than traditional defenses can adapt. The organizations that will succeed aren’t the ones deploying more tools, but the ones achieving unified visibility with the ability to act on it.
True resilience comes from turning insight into action. That means reducing risk, stopping threats, and protecting what matters most: patient safety, data confidentiality, and continuous care delivery through close collaboration across IT, security, and clinical teams.
The next era of healthcare security will be about seeing clearly, acting decisively, and maintaining trust where it matters most, inside the network that keeps modern medicine running.
If you’d like to learn more about these announcements, tune into CTRL/ACT this week. We’ll share more about the strategies that successful security and IT teams are using to shift from reactive to proactive operations. Register here.
And to learn more about how Axonius can help you, schedule a meeting with our security specialists.