Healthcare CIO Pulse Cybersecurity HealthTech

Cooper University Health Care’s Curran Says Cross-Functional Collaboration Was the Key to Securing More Than 10,000 Edge Devices

•March 17, 2026

healthsystemCIO•Mar 17, 2026

Why It Matters

Full visibility eliminates hidden cyber‑risk vectors that threaten patient safety, setting a replicable blueprint for health systems facing expanding IoT footprints.

Key Takeaways

•Passive monitoring gave full device inventory without clinical disruption
•Cross‑functional team aligned IT, security, and clinical engineering
•VLAN segmentation isolated high‑risk devices as primary control
•Security clauses added to contracts forced vendor compliance
•Ongoing risk assessments embed security throughout device lifecycle

Pulse Analysis

Healthcare organizations are grappling with an unprecedented surge of connected devices, from infusion pumps to diagnostic scanners. While these assets improve clinical outcomes, they also expand the attack surface, especially when inventory data is fragmented. Cooper University Health Care’s decision to start with passive network‑monitoring allowed it to catalog every endpoint without disrupting patient care, establishing a reliable baseline for security actions. This approach demonstrates that visibility can be achieved at scale without costly downtime, a critical insight for hospitals that cannot afford service interruptions.

The real differentiator in Cooper’s success was the deliberate integration of diverse stakeholder groups. By embedding clinical engineering, IT, and security into a single governance structure, the organization aligned technical safeguards with frontline workflow realities. Network segmentation via VLANs provided an immediate compensating control for legacy devices that could not be fully hardened, while the introduction of security clauses into vendor contracts shifted responsibility upstream. These measures collectively paved the way for a zero‑trust architecture, where trust is continuously verified rather than assumed, and where device onboarding and decommissioning become automated, auditable processes.

For the broader health‑care sector, Cooper’s model offers a pragmatic roadmap. Visibility, cross‑functional collaboration, and contractual leverage form a triad that can be replicated across institutions of varying size. As regulators tighten requirements around medical‑device cybersecurity, organizations that adopt these practices will not only reduce breach risk but also enhance patient confidence. Future investments should focus on expanding automated risk assessments and integrating software‑bill‑of‑materials data, ensuring that security remains an integral part of the device lifecycle rather than an afterthought.