Implementing a Strong IoMT Security Posture


In the rapidly evolving ecosystem of digitized healthcare, IoMT (Internet of Medical Things) technologies have become an irreplaceable component of patient care. With IoMT-based devices, physicians and patients can monitor conditions in real time, allowing for maximum disease management and enhanced patient care outcomes.

The benefits of IoMT are so appealing that the IoMT market is expected to reach a valuation of $158 billion by 2022.[1] By 2023, it is expected that 68% of devices in hospitals will be connected.[2] However, despite its advantages, IoMT puts healthcare organizations and lives at risk. Because healthcare groups often lack knowledge of their connected inventory, own a wide variety of devices, and purchase products that aren’t secure by design, cyberattacks remain a pervasive threat.

In this paper, we will discuss how discovery and visibility, policy management, and enforcement represent a starting point for improved healthcare.

Discovery and Visibility

In order for healthcare organizations to provide seamless patient care, identifying and monitoring IoMT inventory is essential. Administrative managers should know the vendor, model, serial number, and operating system of each and every connected device. This information can be invaluable in quickly removing devices that have been recalled for safety reasons, in minimizing overhead costs, and in reducing overall risk.

From 2015 to 2019, the US Food and Drug Administration (FDA) issued more than 100 medical device safety warnings or recalls, including a handful regarding cyber security concerns.

In early 2020, the FDA issued a Class 1 recall of 774,000 infusion pumps sold in the United States due to software errors and potential vulnerabilities.[3] The recall only pertained to specific model codes and lot numbers, and organizations were advised to then wait for the manufacturer to reach out about a software update. Until the software update is released, devices “remain vulnerable,” says the FDA.[4]

When instances like these occur, healthcare providers, distributors and facilities need to quickly isolate and remove devices from their inventory. Accomplishing this type of task without a discovery and visibility tool is overwhelming.

In addition to taking precautions with regard to external threat warnings, hospitals and healthcare groups must also take precautions when it comes to internal threats. As a medical provider group, you know that lost and stolen equipment costs US hospitals millions of dollars annually.

In 2020, a hospital employee faced federal charges for the theft of five ventilator machines,[5] which collectively may have cost the hospital as much as $175,000.[6] By avoiding inventory depletion when it comes to devices, you can remain aligned with group buying contracts, avoid paying higher prices for additional equipment, and ensure continuous patient care.

For these reasons and more, investing in automatic discovery and visibility for your IoMT systems can facilitate smooth day-to-day operations, and reduce overall risk.

[1] “The Internet of Medical Things Moment is Here,” World Economic Forum, Kayla Matthews, May 10th, 2019
[2] “Eight IoT Barriers for Connected Medical Devices and How to Overcome Them,” Deloitte, 14 Aug, 2018