Are Your Hospital’s IoMT Devices Putting Patient Lives at Risk?

April 3, 2025

By Shankar Somasundaram, CEO, Asimily

The accelerating adoption and scale of Internet of Medical Things (IoMT) devices and equipment within healthcare delivery organizations (HDOs) have been well earned: they enable providers to access critical real-time insights, automate routine monitoring tasks, and deliver more responsive, data-driven patient care.

But they can also come with security trade-offs. With thousands—in some settings tens of thousands—of connected devices deployed, healthcare IT teams using more traditional network security strategies struggle to inventory assets, monitor device behavior, and close vulnerabilities. This results in entry points that cyberthreat actors are increasingly exploiting.

HDOs are Coming Off a Rough Year

The consequences of these IoMT cybersecurity shortcomings have been stark. 2024 was a record year for operational disruptions caused by cyberattacks against HDOs. According to Ponemon Institute’s year-end survey, 92% of healthcare organizations reported suffering at least one cyberattack in the previous 12 months. Threat actors now recognize both the value of sensitive patient data and, even more disturbingly, the leverage gained by interfering with potentially life-or-death medical interventions when extracting ransomware payments.

The impact hasn’t just been widespread, but also severe. A troubling 70% of HDOs reported that cyberattacks directly disrupted clinical care, with incidents compromising essential connected devices (from heart monitors and infusion pumps to handheld diagnostic tools). Even more concerning, half of HDOs reported that data loss or exfiltration incidents contributed to increased mortality rates.

These attacks create cascading clinical impacts, such as delayed procedures and diagnostic tests when accurate data becomes inaccessible, increased complications for procedures that proceed under compromised conditions, patient transfers or diversions to alternate facilities, and extended hospital stays. Unlike organizations in other sectors where consequences typically involve customer data exposure and regulatory penalties, HDOs are directly responsible for people whose very lives may depend on maintaining secure, functional systems.

Older internet-connected healthcare devices that resist traditional protection methods are a growing part of the challenge, with more than half surveyed saying that connected device security is a top concern. Critical imaging equipment, including many MRI machines, still runs on vulnerable operating systems that cannot withstand sophisticated modern attacks. Other outdated defenses are common with patient monitors, anesthesia machines, and implanted drug-delivery systems. With these devices representing major capital investments that organizations can only refresh periodically, wholesale replacement remains impractical for most HDOs.

But even purchasing brand new connected medical devices is no guarantee of security, because IoMT device manufacturers are all over the map in how well they secure devices and provide timely updates. With the average cost of a healthcare cybersecurity compromise standing at $1.47 million in 2024, HDOs must ensure their IT and security teams can effectively secure connected devices, regardless of their intrinsic protections.

Solving IoMT Security Challenges

The core need underpinning effective IoMT device security is visibility. This requires both complete device discovery across diverse IoMT fleets and granular monitoring of network traffic patterns to and from each device. While traditional security strategies leave teams reacting to attacks already spreading through their systems, the right IoMT security approach enables proactive protection through continuous monitoring and early threat detection.

Modernized IoMT security calls for passive scanning techniques to identify the precise make, model, operating system, firmware version, and function of thousands of connected devices across an HDO’s environment, while simultaneously cataloging associated risks and vulnerabilities. That way, a baseline of connectivity patterns gets established for each device, enabling continuous monitoring that can instantly detect and mitigate threats when activity deviates from expected behavior patterns.
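The baseline-and-deviation idea described above, as an added example that is not from the article or any vendor product. The device names, addresses, the hospital subnet and the alert labels are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address range for the hospital network (hypothetical).
HOSPITAL_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed flow records: (device, peer_ip, peer_port, protocol).
LEARNING = [
    ("infusion-pump-07", "10.20.1.5", 443, "tcp"),   # management server
    ("infusion-pump-07", "10.20.1.9", 123, "udp"),   # time sync
    ("mri-02", "10.20.2.10", 104, "tcp"),            # DICOM to imaging archive
]
LIVE = [
    ("infusion-pump-07", "10.20.1.5", 443, "tcp"),   # matches baseline
    ("infusion-pump-07", "10.20.1.5", 22, "tcp"),    # known peer, new service
    ("mri-02", "203.0.113.40", 443, "tcp"),          # peer outside the hospital
    ("mri-02", "10.20.2.10", 104, "tcp"),            # matches baseline
    ("uninventoried-host", "10.20.2.10", 445, "tcp"),  # never seen in discovery
    ("mri-02", "203.0.113.40", 443, "tcp"),          # repeat of an earlier alert
]

def build_baseline(flows):
    """Map each device to the set of (peer, port, protocol) it normally uses."""
    baseline = defaultdict(set)
    for device, peer, port, proto in flows:
        baseline[device].add((peer, port, proto))
    return dict(baseline)

def classify(baseline, flow):
    """Return a deviation label for one flow, or None if it fits the baseline."""
    device, peer, port, proto = flow
    if device not in baseline:
        return "unauthorized-device"
    if (peer, port, proto) in baseline[device]:
        return None
    if ipaddress.ip_address(peer) not in HOSPITAL_NET:
        return "new-external-peer"
    known_peers = {p for p, _, _ in baseline[device]}
    return "new-service" if peer in known_peers else "new-internal-peer"

def find_deviations(baseline, flows):
    """Return one alert per distinct deviating flow, in first-seen order."""
    alerts, seen = [], set()
    for flow in flows:
        reason = classify(baseline, flow)
        if reason and flow not in seen:
            seen.add(flow)
            alerts.append((reason, *flow))
    return alerts

if __name__ == "__main__":
    for alert in find_deviations(build_baseline(LEARNING), LIVE):
        print(alert)
```
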

With thousands of IoMT devices to protect, IT and security teams with limited resources face what seems an impossible challenge. Advanced threat prioritization methodologies must identify the specific connected devices most vulnerable to successful attacks and prioritize from there. In practice, many technical vulnerabilities actually present negligible risk due to factors like network segmentation, neighboring device configurations, exploit complexity, and current attack trends. By analyzing each device’s complete operational context, HDOs can identify the high-priority threats and focus team resources precisely where protection will matter the most. This contextualized strategy secures even legacy devices that lack available security updates or built-in protections.

Leading HDOs have proven the effectiveness of this IoMT-centric security strategy. Tufts Medicine, with more than 21,000 connected devices across four hospital locations, recognized its IoT visibility gaps and restructured its security operations to include dedicated specialists. The organization implemented comprehensive IoMT security and SIEM solutions that provide centralized control over vulnerability management and anomaly detection, including passive scanning and unauthorized device identification. Today, Tufts benefits from automated device discovery and classification, alongside a clinically validated process for prioritizing and mitigating vulnerabilities. Similarly, MemorialCare in Los Angeles and Orange County applied this approach to safeguard its 52,000 connected devices across four hospitals.

Securing Healthcare’s Ever-More-Connected Future

The record-breaking cyberattacks of 2024 should serve as both a wake-up call and a turning point for healthcare organizations navigating security challenges in the IoMT era. As the examples of Tufts Medicine and MemorialCare demonstrate, HDOs can successfully protect their connected environments (and by extension, their patients) from devastating care interruptions. With advanced visibility, continuous monitoring, contextual risk prioritization, and automated threat mitigation now accessible, HDOs have the capabilities needed to deny attackers leverage over their critical IoT device ecosystems.