
Abstract
The pervasive integration of Internet of Medical Things (IoMT) devices into contemporary healthcare ecosystems has heralded a transformative era in patient care delivery, offering unparalleled capabilities for continuous physiological monitoring, highly personalized therapeutic interventions, and streamlined, efficient management of vast datasets. This technological leap, however, is not without its attendant complexities, most notably the emergence of profound cybersecurity vulnerabilities. Many early and even current generation IoMT devices were primarily engineered with functional utility and patient safety as paramount, often sidelining robust cybersecurity considerations in their foundational design. This comprehensive paper meticulously explores the inherent vulnerabilities deeply embedded within IoMT devices, critically examines the existing mosaic of global regulatory frameworks and security standards, delves into the manifold security challenges confronting these technologies, and rigorously proposes a suite of advanced best practices designed to significantly fortify their security posture and resilience against evolving cyber threats.
Many thanks to our sponsor Esdebe who helped us prepare this research report.
1. Introduction: The Transformative Landscape of IoMT in Healthcare
The advent and rapid proliferation of Internet of Medical Things (IoMT) devices have fundamentally reshaped the landscape of healthcare, ushering in an era characterized by unprecedented levels of connectivity, data accessibility, and operational efficiency. These interconnected medical devices, ranging from sophisticated wearable ECG monitors and smart glucose meters to remotely controlled infusion pumps and advanced surgical robotics, continuously collect, process, and transmit an extraordinarily sensitive category of data: protected health information (PHI) and personally identifiable information (PII). This real-time data flow empowers healthcare professionals with actionable insights for data-driven decision-making, facilitates proactive patient management, and enhances diagnostic precision, ultimately contributing to improved patient outcomes and a more responsive healthcare system. The market for IoMT devices is experiencing exponential growth, projected to reach hundreds of billions of dollars within the next decade, reflecting their integral role in the future of healthcare delivery (Financial Times, 2025).
However, this technological revolution brings with it a commensurately significant increase in the cyber-attack surface of healthcare organizations. The very nature of the data collected—intimate details of an individual’s health, financial information, and often location data—makes IoMT devices exceptionally attractive targets for a diverse array of malicious actors, including state-sponsored groups, organized cybercriminals, and even disgruntled insiders. The profound lack of inherent security features in a substantial proportion of these devices, often due to their design philosophy prioritizing functionality, battery life, and cost-effectiveness over cybersecurity, has cultivated a fertile ground for critical vulnerabilities. These vulnerabilities translate into palpable concerns regarding data breaches, unauthorized access, data manipulation, denial-of-service attacks, and, most critically, the potential for direct patient harm through device malfunction or malicious alteration of therapy. Consequently, addressing these multifaceted security challenges is not merely a technical imperative but a fundamental prerequisite to ensure the safe, effective, and trustworthy utilization of IoMT technologies within highly sensitive healthcare environments.
2. Inherent Vulnerabilities and Design Deficiencies of IoMT Devices
The foundational design and operational characteristics of many IoMT devices present a unique constellation of inherent vulnerabilities that render them particularly susceptible to cyber exploitation. Unlike traditional IT assets, medical devices have historically been developed under stringent regulatory frameworks primarily focused on clinical efficacy and patient safety, with cybersecurity only recently gaining significant prominence.
2.1. Limited, Absent, or Inadequate Security Features
Many IoMT devices are engineered with a predominant focus on their primary clinical function, often resulting in design choices that compromise or entirely omit robust cybersecurity measures. This design philosophy is often driven by several factors, including resource constraints such as limited battery life, restricted processing power, and minimal memory, which make the implementation of complex cryptographic algorithms or extensive security protocols challenging. Furthermore, intense market pressures often prioritize rapid time-to-market over exhaustive security hardening.
The absence of fundamental security features is alarming and includes, but is not limited to:
- Lack of Strong Authentication and Authorization: Many devices still rely on default, easily guessable, or hardcoded credentials, or even entirely lack robust authentication mechanisms, allowing unauthorized individuals to gain access with minimal effort. The concept of ‘least privilege’ is often not applied, granting excessive permissions.
- Insufficient Data Encryption: Sensitive patient data, whether in transit (during communication between the device, gateways, and cloud servers) or at rest (stored on the device itself), is frequently transmitted or stored without adequate encryption, making it vulnerable to interception, eavesdropping, and exfiltration. Where encryption is present, it may employ weak or outdated cryptographic algorithms, or poorly managed keys.
- Absence of Secure Software Update Mechanisms: Many devices lack secure over-the-air (OTA) update capabilities, meaning updates must be applied manually, if at all, which is often impractical or entirely impossible in a clinical setting. Even when updates are available, they may not be cryptographically signed or verified, opening the door for malicious firmware injection.
- Vulnerable Operating Systems and Libraries: IoMT devices frequently run on embedded operating systems (e.g., older versions of Linux, Windows Embedded, RTOS) or rely on third-party libraries that may contain known, unpatched vulnerabilities. Manufacturers often do not provide regular security patches for these underlying components, leaving devices exposed to common exploits.
- Inadequate Tamper Detection and Prevention: Many devices lack physical or logical tamper detection mechanisms, making them susceptible to physical manipulation or the installation of malicious software without being detected.
- Lack of Integrity Checks: The integrity of configuration settings, data, or firmware often goes unchecked, meaning malicious alterations might not be identified, leading to misoperation or data corruption.
2.2. Diverse, Disparate, and Proprietary Systems
The healthcare sector is characterized by a vast and heterogeneous ecosystem of IoMT devices sourced from numerous manufacturers. Each vendor often utilizes proprietary operating systems, communication protocols, and unique software stacks. This profound diversity introduces significant complexity into implementing and managing standardized security measures across an entire network. The lack of interoperability and common security baselines makes it exceedingly challenging for healthcare organizations (HCOs) to gain a unified view of their security posture, monitor vulnerabilities, and enforce consistent security policies.
Key challenges arising from this diversity include:
- Interoperability Headaches: The inability of devices from different vendors to securely and seamlessly communicate exacerbates management complexities and creates potential data silos.
- Patch Management Nightmares: Developing and deploying patches for a myriad of proprietary systems requires specialized knowledge and tools, which often exceed the capabilities of an HCO’s internal IT and cybersecurity teams.
- Unified Policy Enforcement: It becomes arduous to apply consistent security policies (e.g., access controls, network segmentation rules) when each device type or vendor requires a distinct approach.
- Shadow IT and Unsanctioned Devices: The ease with which some devices can be integrated, or even directly connected by clinical staff without central IT oversight, can lead to ‘shadow IT’ scenarios, where devices operate outside the established security perimeter, creating unmanaged risks. (Armis, 2020)
- Mobility and Misplacement Risks: The inherent mobility of many IoMT devices (e.g., mobile patient monitors, handheld diagnostic tools) within and between healthcare facilities increases the risk of misplacement, loss, or theft, leading to potential unauthorized access to both the device and the data it contains.
2.3. Challenges in Firmware Management and Lifecycle Support
IoMT devices frequently operate on deeply embedded firmware that is notoriously difficult to update or patch. Unlike traditional computing devices, firmware updates for medical devices often necessitate stringent validation processes, potentially requiring re-certification or re-validation with regulatory bodies to ensure that the update does not adversely affect the device’s clinical functionality or patient safety. This bureaucratic hurdle can significantly delay the deployment of crucial security patches, leaving devices exposed to known exploits for extended periods.
Further compounding this issue is the reality that many medical devices are designed for extended operational lifespans, often 10 to 15 years, significantly longer than the typical refresh cycles for general IT equipment. Manufacturers may cease active support for older device models, discontinuing firmware updates and vulnerability patches. This leaves a vast installed base of ‘end-of-life’ but still clinically active devices perpetually vulnerable to newly discovered threats. The reluctance to update firmware or replace older devices is often driven by concerns about clinical downtime, potential disruption to patient care, financial costs, and the arduous regulatory validation processes.
3. Regulatory Frameworks and Standards: Navigating a Complex Landscape
Recognizing the escalating cybersecurity risks associated with networked medical devices, international and national regulatory bodies, alongside standards organizations, have begun to formulate guidelines and requirements aimed at bolstering the security posture of IoMT. However, this landscape remains fragmented and is continuously evolving.
3.1. International Standards for Medical Device Security
Several international standards provide foundational frameworks that, while not exclusively focused on cybersecurity, contain critical provisions pertinent to the secure development, deployment, and management of medical devices, including IoMT devices. These standards increasingly integrate cybersecurity as an essential aspect of device safety and performance:
- IEC 60601-1: Medical Electrical Equipment – Part 1: General Requirements for Basic Safety and Essential Performance (International Electrotechnical Commission, 2005): Historically focused on electrical and mechanical safety, IEC 60601-1 specifies no cybersecurity controls of its own. Its relevance is that a cyberattack which degrades a device’s functionality or corrupts its data can compromise ‘basic safety’ and ‘essential performance,’ so such attacks fall within the hazards the standard’s risk management obligations require manufacturers to address. Related standards such as IEC 80001-1 (application of risk management for IT networks incorporating medical devices) cover the network and operator side of that risk.
- ISO 14971:2019 – Medical Devices – Application of Risk Management to Medical Devices (International Organization for Standardization, 2019): This crucial standard provides a comprehensive framework for manufacturers to identify, evaluate, control, and monitor risks throughout the entire lifecycle of a medical device. Cybersecurity risks, such as unauthorized access, data integrity breaches, and denial-of-service, must be systematically identified as potential sources of harm and managed according to this standard. It mandates a continuous risk management process, which includes assessing cybersecurity threats and implementing appropriate mitigation strategies.
- IEC 62304: Medical Device Software – Software Life Cycle Processes (International Electrotechnical Commission, 2006): This standard outlines life cycle processes for medical device software, encompassing requirements for software development, maintenance, and risk management. It categorizes software based on its potential to cause harm, indirectly influencing the level of rigor required for its security. While not solely a cybersecurity standard, adherence to its principles promotes structured development that can integrate secure coding practices, vulnerability testing, and robust validation of software, all crucial for cybersecurity.
- ISO/IEEE 11073: Health informatics – Medical / Health Device Communication Standards (International Organization for Standardization, & Institute of Electrical and Electronics Engineers, 2010): This family of standards defines data models and exchange protocols so that medical devices and external systems can interoperate. It standardizes what is transmitted, not how it is protected: confidentiality and integrity of 11073 traffic depend on the transport security and authentication mechanisms layered beneath it. Adopting the standard therefore aids consistent parsing and validation of device data, but it does not by itself close communication-related vulnerabilities.
- NIST Special Publication (SP) 800 Series: While primarily U.S. federal guidelines, documents like NIST SP 800-53 (Security and Privacy Controls for Information Systems and Organizations) and NIST SP 800-82 (Guide to Operational Technology (OT) Security, titled Guide to Industrial Control Systems (ICS) Security in earlier revisions) offer valuable cybersecurity best practices that are highly applicable to IoMT environments, particularly in areas like access control, audit logging, network segmentation, and incident response planning.
3.2. Regulatory Requirements and Guidance
Regulatory bodies across the globe have intensified their focus on medical device cybersecurity, moving from a peripheral consideration to a central tenet of product approval and post-market surveillance. Key regulatory guidance includes:
- U.S. Food and Drug Administration (FDA): The FDA has been a proactive leader in this space, issuing several foundational guidance documents. The draft ‘Content of Premarket Submissions for Management of Cybersecurity in Medical Devices’ (U.S. Food and Drug Administration, 2018) outlined the information manufacturers should submit about their cybersecurity controls as part of pre-market applications: threat modeling, risk assessments, secure software development practices, and plans for vulnerability management and coordinated disclosure. In September 2023 it was superseded by the final guidance ‘Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.’ In addition, since March 2023 section 524B of the Federal Food, Drug, and Cosmetic Act (added by the Consolidated Appropriations Act, 2023) makes several of these expectations statutory for ‘cyber devices’: a plan to monitor, identify, and address postmarket vulnerabilities, processes that provide reasonable assurance that the device and related systems are cybersecure, and a software bill of materials. The FDA further emphasizes ‘security by design,’ expecting manufacturers to consider cybersecurity throughout the entire product lifecycle, from design to post-market surveillance. While the guidance documents are not themselves binding, the section 524B requirements are, and failure to meet either can result in significant delays in market approval or post-market enforcement actions.
- European Union Medical Device Regulation (EU MDR 2017/745) and In Vitro Diagnostic Regulation (IVDR 2017/746): These comprehensive regulations, which became fully applicable in May 2021 and May 2022 respectively, significantly elevate the cybersecurity requirements for medical devices sold in the EU market (European Commission, 2017). The MDR explicitly states that medical devices must be designed and manufactured in such a way that they protect against unauthorized access and ensure the confidentiality, integrity, and availability of data. It mandates manufacturers to implement ‘state-of-the-art’ cybersecurity measures, conduct conformity assessments through Notified Bodies, and maintain robust post-market surveillance systems, including vulnerability monitoring and coordinated disclosure. The Medical Device Coordination Group’s MDCG 2019-16 guidance elaborates how these general requirements translate into concrete cybersecurity expectations. Non-adherence can result in devices being denied market access or withdrawn.
- Health Insurance Portability and Accountability Act (HIPAA) in the U.S.: While HIPAA (1996) does not directly regulate medical devices, it profoundly impacts how Protected Health Information (PHI) collected by IoMT devices must be handled, transmitted, and stored by covered entities (healthcare providers, health plans, healthcare clearinghouses) and their business associates. The HIPAA Security Rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI, making secure data handling a legal requirement for any IoMT ecosystem.
- General Data Protection Regulation (GDPR) in the EU: Similar to HIPAA, GDPR (2016) imposes strict requirements on the processing of personal data, including health data, collected by IoMT devices. It emphasizes principles such as ‘privacy by design’ and ‘data minimization,’ requiring organizations to implement appropriate technical and organizational measures to protect personal data from unauthorized access, accidental loss, destruction, or damage. Non-compliance can lead to severe penalties.
Despite these advancements, a significant gap often remains between regulatory ‘guidance’ and universally mandated, rigorous pre-market security assessments, particularly for legacy devices. The dynamic nature of cyber threats also means that regulations, by their very nature, struggle to keep pace with the evolving threat landscape.
4. Pervasive Security Challenges in IoMT Ecosystems
Beyond inherent device-level vulnerabilities, the broader IoMT ecosystem introduces a complex array of systemic security challenges that healthcare organizations must meticulously address.
4.1. Supply Chain Vulnerabilities and Software Bill of Materials (SBOM)
The intricate and globally distributed nature of the medical device supply chain presents a significant avenue for potential cyber compromise. IoMT devices are typically assembled from components sourced from numerous vendors, including hardware, embedded software, open-source libraries, and proprietary modules. A vulnerability or malicious insertion at any point in this extended supply chain—from design and manufacturing to distribution and maintenance—can compromise the device before it even reaches the healthcare facility. Examples of general IT supply chain attacks, such as the SolarWinds incident, underscore the critical nature of this threat, demonstrating how a single point of failure in a trusted vendor’s supply chain can propagate vulnerabilities across thousands of organizations.
Key aspects of supply chain risk in IoMT include:
- Compromised Components: The risk of counterfeit hardware components or the introduction of malware during the manufacturing process, making it difficult for end-users to detect.
- Third-Party Software/Firmware: Dependence on third-party software libraries or firmware modules that may contain unpatched vulnerabilities or backdoors.
- Vendor Due Diligence: The challenge for HCOs to conduct exhaustive security assessments on every supplier and sub-supplier in their medical device ecosystem.
- Lack of Transparency: Historically, manufacturers have not provided adequate transparency regarding the components and software within their devices.
To mitigate these risks, the Software Bill of Materials (SBOM) has moved from a recommended practice to a requirement in some jurisdictions (in the U.S., section 524B of the FD&C Act now requires one for new ‘cyber device’ submissions). An SBOM is a formal, machine-readable list of the ingredients that make up a device’s software, including open-source and commercial components, with their versions and, ideally, standardized identifiers such as package URLs. Obtaining and actually consuming SBOMs allows healthcare organizations to:
- Identify Known Vulnerabilities: Quickly check if newly disclosed vulnerabilities affect components within their devices.
- Improve Patch Prioritization: Understand which devices are impacted and prioritize patching efforts based on risk.
- Enhance Transparency: Gain a clearer understanding of the software dependencies and potential risks within their purchased devices.
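The first of these steps, matching an SBOM against an advisory feed, as an added Go example (this is not code from the report or from any vendor or SBOM tool). It parses a constructed CycloneDX-style document, joins it against a constructed advisory list whose identifiers are placeholders rather than real CVEs, and orders the hits by severity so the output doubles as a patch-priority list. The firmware name, component versions and advisory entries are all assumed example data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// sbomDoc holds the subset of a CycloneDX JSON document this check needs.
// Real SBOMs carry far more (licenses, hashes, dependency graph); only the
// component identity matters for vulnerability matching.
type sbomDoc struct {
	Metadata struct {
		Component struct {
			Name    string `json:"name"`
			Version string `json:"version"`
		} `json:"component"`
	} `json:"metadata"`
	Components []struct {
		Name    string `json:"name"`
		Version string `json:"version"`
		PURL    string `json:"purl"`
	} `json:"components"`
}

// VulnRecord is one entry of the HCO's advisory feed. The IDs used below
// are constructed placeholders, not real CVE identifiers.
type VulnRecord struct {
	ID       string
	Name     string
	Affected []string // exact component versions the advisory lists
	Severity string
}

// Finding ties an advisory to the firmware image and component it hits.
type Finding struct {
	VulnID, Firmware, Component, Version, Severity string
}

// ConstructedSBOM is an example manifest for a hypothetical pump firmware.
const ConstructedSBOM = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"name": "infusion-pump-fw", "version": "3.2.1"}},
  "components": [
    {"name": "busybox", "version": "1.30.1", "purl": "pkg:generic/busybox@1.30.1"},
    {"name": "openssl", "version": "1.0.2u", "purl": "pkg:generic/openssl@1.0.2u"},
    {"name": "lwip",    "version": "2.1.2",  "purl": "pkg:generic/lwip@2.1.2"}
  ]
}`

// ConstructedFeed is an example advisory list with placeholder IDs.
var ConstructedFeed = []VulnRecord{
	{ID: "EXAMPLE-2024-0001", Name: "openssl", Affected: []string{"1.0.2t", "1.0.2u"}, Severity: "high"},
	{ID: "EXAMPLE-2024-0002", Name: "busybox", Affected: []string{"1.29.0", "1.29.3"}, Severity: "medium"},
	{ID: "EXAMPLE-2024-0003", Name: "zlib", Affected: []string{"1.2.11"}, Severity: "low"},
}

// MatchSBOM parses the document and returns every component/advisory pair
// that matches on name and exact version. Matching is deliberately strict:
// a fuzzy match that fires on the wrong version wastes a maintenance window,
// while a miss leaves a device exposed, so ambiguous cases should be routed
// to a human rather than resolved silently.
func MatchSBOM(doc string, feed []VulnRecord) ([]Finding, error) {
	var s sbomDoc
	if err := json.Unmarshal([]byte(doc), &s); err != nil {
		return nil, fmt.Errorf("parse sbom: %w", err)
	}
	byName := make(map[string][]VulnRecord, len(feed))
	for _, v := range feed {
		byName[v.Name] = append(byName[v.Name], v)
	}
	fw := s.Metadata.Component.Name + "@" + s.Metadata.Component.Version
	var out []Finding
	for _, c := range s.Components {
		for _, v := range byName[c.Name] {
			for _, ver := range v.Affected {
				if ver == c.Version {
					out = append(out, Finding{v.ID, fw, c.Name, c.Version, v.Severity})
				}
			}
		}
	}
	// Highest severity first so the list doubles as a patch-priority queue.
	rank := map[string]int{"critical": 0, "high": 1, "medium": 2, "low": 3}
	sort.SliceStable(out, func(i, j int) bool { return rank[out[i].Severity] < rank[out[j].Severity] })
	return out, nil
}

func main() {
	findings, err := MatchSBOM(ConstructedSBOM, ConstructedFeed)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-18s %-8s %s %s@%s\n", f.VulnID, f.Severity, f.Firmware, f.Component, f.Version)
	}
}
```

On the constructed input only the openssl entry matches; busybox 1.30.1 is not in the feed's affected list, so it is correctly left out. A production matcher would normalize on package URL or CPE and handle version ranges, but the join shown here is the step that turns an SBOM from a document into an answer to "does the new advisory affect my fleet."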
4.2. Insufficient Network Segmentation and Lateral Movement Risks
One of the most critical structural weaknesses in many healthcare IT networks is inadequate segmentation. A ‘flat network’ architecture, where IoMT devices reside on the same network segment as administrative systems, patient records, or other critical infrastructure, allows cyber threats to propagate rapidly across the entire network. If an attacker gains a foothold anywhere on such a network, for example by phishing a user on a workstation that shares a segment with medical devices, they can reach the devices directly; a compromised device can in turn serve as a pivot into other systems, allowing the attacker to escalate privileges, access highly sensitive data, or disrupt critical operations.
Effective network segmentation strategies are paramount to containing potential breaches and limiting their impact. This involves creating distinct virtual local area networks (VLANs), subnets, or even implementing micro-segmentation, which isolates individual devices or small groups of devices. For IoMT, this would typically involve:
- Dedicated IoMT Segments: Isolating medical devices from general IT networks and other clinical systems.
- Traffic Filtering: Implementing strict firewall rules and access control lists (ACLs) to control communication flows between segments, allowing only necessary traffic.
- Zero Trust Principles: Adopting a ‘never trust, always verify’ approach, where every device and user must be authenticated and authorized before accessing resources, regardless of their location within the network.
Without proper segmentation, a successful attack on one IoMT device, such as a connected thermometer, could potentially lead to ransomware spreading to hospital imaging systems, electronic health records (EHRs), or even life-support equipment.
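As an added example, not part of the original report and not any product's implementation: a Go check that evaluates flow records against a zone allowlist of the kind the three bullets above describe. Zone names, address ranges, allowed ports and the flow records are all assumed for illustration. The check makes the two decisions that matter: inter-zone traffic passes only where allowlisted, and device-to-device traffic inside an IoMT zone is never allowed, because a monitor or pump only needs to talk to its server, never to its neighbour.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

type zone struct {
	name string
	net  *net.IPNet
}

func mustZone(name, cidr string) zone {
	_, n, err := net.ParseCIDR(cidr)
	if err != nil {
		panic(err)
	}
	return zone{name, n}
}

// Zone map. Names and address ranges are assumed for the example; in
// practice they come from the HCO's IPAM and VLAN design.
var zones = []zone{
	mustZone("iomt-monitoring", "10.20.0.0/16"),
	mustZone("iomt-infusion", "10.21.0.0/16"),
	mustZone("clinical-apps", "10.50.0.0/16"), // integration engine, pump server, PACS
	mustZone("corp-users", "10.100.0.0/16"),
}

type allowRule struct {
	src, dst string
	port     int
}

// Inter-zone allowlist. Everything not listed is denied, which is the
// "allow only necessary traffic" posture described above.
var allow = []allowRule{
	{"iomt-monitoring", "clinical-apps", 2575}, // HL7 over MLLP to the integration engine
	{"iomt-infusion", "clinical-apps", 443},    // pump telemetry to its server
	{"clinical-apps", "iomt-infusion", 443},    // drug-library push from the server
}

// Violation is one observed flow the policy would not have permitted.
type Violation struct {
	Src, Dst string
	Port     int
	Reason   string
}

func zoneOf(ip net.IP) string {
	for _, z := range zones {
		if z.net.Contains(ip) {
			return z.name
		}
	}
	return "unknown"
}

func permitted(src, dst string, port int) bool {
	for _, r := range allow {
		if r.src == src && r.dst == dst && r.port == port {
			return true
		}
	}
	return false
}

// CheckFlows takes records of the form "src_ip dst_ip dst_port proto" (the
// shape NetFlow/IPFIX exports or a firewall log reduce to) and returns the
// flows the segmentation policy would block: inter-zone flows outside the
// allowlist, and device-to-device flows inside an IoMT zone, which
// micro-segmentation forbids outright.
func CheckFlows(records string) []Violation {
	var out []Violation
	for _, line := range strings.Split(records, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 {
			continue // blank or malformed record
		}
		src, dst := net.ParseIP(f[0]), net.ParseIP(f[1])
		port, err := strconv.Atoi(f[2])
		if src == nil || dst == nil || err != nil {
			continue
		}
		sz, dz := zoneOf(src), zoneOf(dst)
		switch {
		case sz == dz && strings.HasPrefix(sz, "iomt-"):
			out = append(out, Violation{f[0], f[1], port, "device-to-device inside " + sz})
		case sz != dz && !permitted(sz, dz, port):
			out = append(out, Violation{f[0], f[1], port, sz + " -> " + dz + " not in allowlist"})
		}
	}
	return out
}

// ConstructedFlows is an example record set, not captured traffic.
const ConstructedFlows = `
10.20.4.17  10.50.1.10  2575 tcp
10.21.7.3   10.50.1.20  443  tcp
10.100.5.9  10.21.7.3   22   tcp
10.20.4.17  10.20.4.18  445  tcp
10.21.7.3   10.100.5.9  4444 tcp
10.50.1.20  10.21.7.3   443  tcp
`

func main() {
	for _, v := range CheckFlows(ConstructedFlows) {
		fmt.Printf("BLOCK %s -> %s:%d (%s)\n", v.Src, v.Dst, v.Port, v.Reason)
	}
}
```

Run against the constructed records, the check flags three flows: a corporate workstation reaching SSH on a pump, SMB between two monitors in the same zone (the lateral-movement pattern ransomware relies on), and a pump connecting out to a user subnet on an arbitrary port. The two permitted flows are exactly the server conversations the devices need. The same table can be fed to a firewall or NAC policy generator; the value of writing it down as data is that it can be reviewed and tested before it is enforced.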
4.3. Limited Device Visibility, Inventory Management, and Asset Context
Many healthcare organizations lack comprehensive, real-time visibility into the sheer volume and diversity of IoMT devices connected to their networks. This ‘blind spot’ is a critical security vulnerability. Without an accurate and up-to-date inventory of all networked medical devices, HCOs cannot:
- Assess their Attack Surface: Unknown or unmanaged devices represent significant entry points for attackers.
- Monitor Device Behavior: Anomalous or malicious activities are hard to detect if the device’s baseline behavior is unknown.
- Apply Security Patches: It’s impossible to patch a device if its existence, location, or patch status is unknown.
- Respond to Incidents Promptly: During a security incident, quickly identifying affected devices and isolating them is crucial.
Traditional IT asset management tools are often ill-suited for IoMT devices due to their proprietary nature, inability to install agents, and unique communication protocols. Effective IoMT inventory management requires specialized solutions that can perform agentless discovery, passively monitor network traffic (e.g., via Deep Packet Inspection (DPI)), and classify devices based on their type, manufacturer, model, location, and clinical function. This contextual understanding is vital for prioritizing security efforts and risk assessments. For instance, a vulnerable infusion pump poses a far greater clinical risk than a vulnerable smart thermometer.
4.4. Challenges in Patching and Maintenance Operations
While discussed under firmware management, the operational challenges of patching IoMT devices warrant further emphasis. Unlike general IT assets that can often be patched remotely and routinely, IoMT devices present unique operational hurdles:
- Uptime Requirements: Many medical devices, particularly those involved in direct patient care or critical hospital operations, have stringent uptime requirements. Taking them offline for patching can disrupt clinical workflows and patient care.
- Complex Approval Processes: Changes to medical device software or firmware often require re-validation, internal clinical approval, and sometimes re-certification, adding layers of bureaucracy and delay.
- Limited Patch Availability: As noted, manufacturers may not provide timely or frequent patches for vulnerabilities, especially for older device models.
- Interdependency: Patches to one device might inadvertently impact the functionality or interoperability of other connected medical systems.
4.5. Insider Threats
Despite external threats often dominating headlines, insider threats, whether malicious or accidental, pose a significant risk to IoMT security. Healthcare environments are inherently collaborative, with numerous staff members (clinicians, IT personnel, maintenance technicians) requiring access to medical devices and the networks they reside on. An employee with legitimate access could, intentionally or unintentionally:
- Misuse or Tamper with Devices: Altering device settings, disconnecting devices, or introducing malware via USB ports.
- Exfiltrate Data: Copying sensitive patient data from devices or connected systems.
- Fall Victim to Phishing/Social Engineering: Inadvertently providing credentials that allow external attackers to gain internal access.
Robust access controls, regular security awareness training, strict adherence to least privilege principles, and comprehensive logging and auditing are essential to mitigate insider risks.
4.6. Data Integrity and Availability Attacks
While data confidentiality (preventing unauthorized access to patient data) is a common concern, attacks targeting data integrity and availability can be equally, if not more, devastating in a clinical context. Data integrity refers to the trustworthiness and accuracy of data, while availability refers to continuous access to systems and data.
- Data Integrity Attacks: A malicious actor could alter diagnostic readings, medication dosages, or patient physiological parameters transmitted by an IoMT device. Such manipulation could lead to misdiagnosis, incorrect treatment, or severe patient harm.
- Availability Attacks (Denial of Service – DoS): An attacker could launch a DoS attack against an IoMT device or the network it relies upon, rendering it inoperable. This could disrupt critical patient monitoring, surgical procedures, or emergency response systems, with potentially life-threatening consequences. Ransomware attacks, in particular, aim to deny access to systems and data until a ransom is paid, crippling hospital operations.
4.7. Physical Security Risks
Many IoMT devices are physically accessible within patient rooms, operating theaters, or public areas of a hospital. This physical accessibility introduces risks of tampering, theft, or unauthorized direct connection. While network security focuses on logical access, physical security measures such as secure placement, locking mechanisms, and surveillance are crucial, especially for devices that may be directly connected to patients or store local data.
5. Advanced Best Practices for Fortifying IoMT Security
Addressing the complex security challenges posed by IoMT devices requires a holistic, multi-layered, and proactive approach that extends across the entire device lifecycle and involves all stakeholders.
5.1. Implementing ‘Security by Design’ and Secure Development Lifecycles (SDLC)
The most effective cybersecurity measures are those integrated from the earliest stages of a device’s conception, not retrofitted as an afterthought. ‘Security by Design’ mandates that security is an inherent architectural consideration, ensuring that devices are built with robust security features from the ground up.
Key elements include:
- Threat Modeling: Systematically identifying potential threats and vulnerabilities during the design phase to proactively build in countermeasures.
- Secure Coding Practices: Training developers in secure coding standards and performing code reviews to minimize software vulnerabilities.
- Principle of Least Privilege: Ensuring that devices and their components operate with only the minimum necessary permissions to perform their intended function.
- Secure Boot and Hardware Root of Trust: Implementing mechanisms that ensure only authenticated and authorized firmware can run on the device, preventing tampering and malicious code injection.
- Data Minimization: Collecting and storing only the necessary patient data to reduce the attack surface.
- Secure Default Configurations: Shipping devices with secure configurations out-of-the-box, rather than insecure defaults.
- Fuzzing and Penetration Testing: Rigorous security testing throughout the development process to uncover vulnerabilities before deployment.
Manufacturers must adopt a comprehensive Secure Development Lifecycle (SDLC) that embeds security activities at every phase, from requirements gathering and design to testing, deployment, and maintenance.
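The signed-update and integrity checks called for in section 2.1 (secure update mechanisms, integrity checks) and by the secure boot item above, as one added Go example that is not the report's own material or any manufacturer's implementation. It signs a manifest (model, version, image hash) rather than the raw image, verifies the signature before anything else, enforces a monotonic version counter against rollback, and only then hashes the image. Keys are generated in-process and the model name and image bytes are constructed; a real device would hold the vendor public key and the installed-version counter in protected storage such as OTP or a secure element.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one firmware image. The signature covers the JSON
// encoding of this struct, so the verifier learns the expected hash and
// version from an authenticated source before it touches the image.
type Manifest struct {
	Model       string `json:"model"`
	Version     uint32 `json:"version"`
	ImageSHA256 string `json:"image_sha256"`
}

// Update is what the device receives over the air.
type Update struct {
	Manifest  Manifest
	Signature []byte
	Image     []byte
}

// DeviceState is what a real device keeps in tamper-resistant storage:
// the pinned vendor public key and the highest version ever installed.
type DeviceState struct {
	Model        string
	VendorPubKey ed25519.PublicKey
	InstalledVer uint32
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrWrongModel   = errors.New("manifest is for a different model")
	ErrRollback     = errors.New("version not newer than installed (rollback)")
	ErrImageHash    = errors.New("image hash does not match manifest")
)

func manifestBytes(m Manifest) []byte {
	b, _ := json.Marshal(m) // fixed struct field order gives a stable encoding
	return b
}

// SignUpdate is the manufacturer side: hash the image, fill the manifest,
// sign the manifest with the vendor's private key.
func SignUpdate(priv ed25519.PrivateKey, model string, version uint32, image []byte) Update {
	sum := sha256.Sum256(image)
	m := Manifest{Model: model, Version: version, ImageSHA256: hex.EncodeToString(sum[:])}
	return Update{Manifest: m, Signature: ed25519.Sign(priv, manifestBytes(m)), Image: image}
}

// VerifyUpdate is the device side. Order matters: authenticate the manifest
// first, then apply policy (model, anti-rollback), then check the image
// against the now-trusted hash. Nothing is committed unless every step passes.
func VerifyUpdate(st *DeviceState, u Update) error {
	if !ed25519.Verify(st.VendorPubKey, manifestBytes(u.Manifest), u.Signature) {
		return ErrBadSignature
	}
	if u.Manifest.Model != st.Model {
		return ErrWrongModel
	}
	if u.Manifest.Version <= st.InstalledVer {
		return ErrRollback
	}
	sum := sha256.Sum256(u.Image)
	if hex.EncodeToString(sum[:]) != u.Manifest.ImageSHA256 {
		return ErrImageHash
	}
	st.InstalledVer = u.Manifest.Version // advance the monotonic counter
	return nil
}

// Demo walks through a valid update, a tampered image, a downgrade and a
// manifest signed by the wrong key. Keys are generated here for the example.
func Demo() (good, tampered, rollback, wrongKey error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	st := &DeviceState{Model: "pump-x1", VendorPubKey: pub, InstalledVer: 4}

	image := []byte("constructed firmware image v5")
	good = VerifyUpdate(st, SignUpdate(priv, "pump-x1", 5, image)) // installs, counter becomes 5

	t := SignUpdate(priv, "pump-x1", 6, image)
	t.Image = []byte("constructed firmware image v6 with implant") // swapped after signing
	tampered = VerifyUpdate(st, t)

	rollback = VerifyUpdate(st, SignUpdate(priv, "pump-x1", 3, image)) // older, validly signed

	wrongKey = VerifyUpdate(st, SignUpdate(attackerPriv, "pump-x1", 7, image))
	return
}

func main() {
	g, t, r, w := Demo()
	fmt.Println("good:", g, "| tampered:", t, "| rollback:", r, "| wrong key:", w)
}
```

Two design points are easy to get wrong in practice. Checking the image hash before the signature lets an attacker feed the device arbitrary data with a matching self-computed hash; checking version before signature lets an unauthenticated manifest influence state. And a rollback check that compares against the version currently running, rather than the highest version ever installed, can be bypassed by first downgrading to an old but validly signed image that is itself vulnerable, which is why the counter is monotonic and stored separately from the firmware.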
5.2. Robust Firmware and Software Update/Patch Management
Establishing and meticulously adhering to processes for regular firmware and software updates and effective patch management is paramount. This involves a collaborative effort between manufacturers and healthcare organizations.
- Manufacturer Responsibility: Manufacturers must commit to providing timely, cryptographically signed, and thoroughly validated security updates for the entire supported lifespan of their devices. They should also provide clear documentation on how each update is securely applied, what clinical functionality it touches, and whether it is a routine cybersecurity patch (which the FDA’s 2016 ‘Postmarket Management of Cybersecurity in Medical Devices’ guidance generally treats as a device enhancement not requiring premarket review) or a change that requires re-validation before deployment.
- Healthcare Organization Procedures: HCOs must implement standardized, risk-based procedures for applying updates. This includes:
- Prioritization: Identifying critical devices and vulnerabilities that require immediate patching.
- Testing: Thoroughly testing patches in a non-clinical environment to ensure compatibility and prevent adverse effects.
- Scheduled Downtime: Planning updates during periods of low clinical activity to minimize disruption.
- Rollback Capabilities: Having mechanisms to revert to a previous stable version in case of update failure.
- Automated Deployment: Utilizing automated solutions where feasible to streamline patch deployment across large fleets of devices.
5.3. Advanced Network Segmentation and Granular Access Controls
Moving beyond basic VLANs, healthcare organizations should strive for more sophisticated network segmentation strategies to isolate IoMT devices from other critical systems, thereby significantly reducing the potential for lateral movement by attackers.
- Micro-segmentation: This involves creating highly granular security zones down to the individual device level, allowing precise control over traffic flows between devices and applications.
- Zero Trust Architecture (ZTA): Implementing ZTA principles, where no device or user is inherently trusted, regardless of their network location. All access attempts are verified based on identity, context, and policy.
- Network Access Control (NAC): Utilizing NAC solutions to onboard new devices securely, automatically place them into appropriate segmented networks, and continuously monitor their compliance with security policies.
- Strong Authentication and Authorization: Enforcing multi-factor authentication (MFA) for accessing device management interfaces and clinical systems. Implementing Role-Based Access Control (RBAC) to ensure only authorized personnel have specific levels of access to devices or their data.
- Intrusion Detection/Prevention Systems (IDPS): Deploying IDPS within segmented networks to monitor for malicious activity and block known threats.
5.4. Comprehensive and Contextualized Inventory and Asset Management
Achieving complete visibility into the IoMT ecosystem is foundational to effective security. This requires more than just a spreadsheet; it demands dynamic, automated, and context-aware solutions.
- Automated Asset Discovery: Implementing agentless solutions that passively observe network traffic to identify all connected devices, including those that cannot host agents. Deep Packet Inspection (DPI) of that traffic can identify device types, manufacturers, models, operating systems, and communication patterns.
- Centralized Asset Database (CMDB): Maintaining a comprehensive Configuration Management Database that not only lists devices but also stores critical contextual information, such as:
  - Device type and clinical function (e.g., infusion pump, MRI machine)
  - Physical location and associated clinical department
  - Manufacturer, model, serial number, firmware version
  - Connectivity method (Wi-Fi, Ethernet, Bluetooth, cellular)
  - Associated risks (e.g., direct patient contact, criticality of function, data sensitivity)
  - Patch status and compliance information
- Real-time Monitoring: Continuously monitoring device behavior to detect deviations from established baselines, which could indicate a compromise or malfunction.
- Lifecycle Management: Tracking devices from procurement to decommissioning, including secure disposal procedures.
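The segmentation controls of 5.3 only work when they are driven by the contextual inventory of 5.4. The following added example (not code from the report) derives a micro-segmentation zone from CMDB-style device attributes and flags cross-zone flows that fall outside a hypothetical allow-list; the device records, IP addresses, zone names and flow log are all constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    """One CMDB record; fields mirror the contextual attributes listed in 5.4."""
    ip: str
    device_type: str        # clinical function, e.g. "infusion pump"
    patient_contact: bool   # direct patient contact => highest criticality
    data_sensitivity: str   # "PHI" or "none"

def zone_for(d: Device) -> str:
    """Derive the micro-segmentation zone from device context (hypothetical rule set)."""
    if d.patient_contact:
        return "clinical-device"       # pumps, bedside monitors: most restrictive zone
    if d.data_sensitivity == "PHI":
        return "clinical-server"       # gateways and systems that store PHI
    return "corporate"

# Permitted (source zone, destination zone, dst port); every other cross-zone flow is a finding.
ALLOW = {
    ("clinical-device", "clinical-server", 443),   # telemetry upload over TLS
    ("clinical-server", "clinical-device", 443),   # device management plane
    ("corporate", "clinical-server", 443),
}

def check_flows(devices, flows):
    """Return one finding per cross-zone flow (src_ip, dst_ip, dst_port) not in ALLOW;
    IPs absent from the inventory map to zone 'unknown' so unmanaged assets surface."""
    by_ip = {d.ip: d for d in devices}
    findings = []
    for src, dst, port in flows:
        sz = zone_for(by_ip[src]) if src in by_ip else "unknown"
        dz = zone_for(by_ip[dst]) if dst in by_ip else "unknown"
        if sz == dz and sz != "unknown":
            continue                   # intra-zone traffic is out of scope for this check
        if (sz, dz, port) not in ALLOW:
            findings.append(f"{src} ({sz}) -> {dst} ({dz}):{port} not permitted")
    return findings

# Constructed sample inventory and flow records (not real data).
DEVICES = [
    Device("10.1.1.10", "infusion pump", True, "PHI"),
    Device("10.1.2.20", "telemetry gateway", False, "PHI"),
    Device("10.1.3.30", "workstation", False, "none"),
]
FLOWS = [
    ("10.1.1.10", "10.1.2.20", 443),   # pump uploads to gateway: allowed
    ("10.1.3.30", "10.1.1.10", 22),    # workstation SSH to pump: lateral-movement path
    ("10.1.9.99", "10.1.1.10", 80),    # asset missing from the inventory reaching a pump
]
```

In practice the flow tuples would come from NAC or firewall logs and the findings would feed the SIEM; the third flow shows why unknown assets must be findings rather than silently ignored.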
5.5. Fostering Proactive Collaboration with Manufacturers and Stakeholders
IoMT security is a shared responsibility. Effective protection requires seamless and continuous collaboration between healthcare organizations, device manufacturers, security researchers, and regulatory bodies.
- Joint Security Assessments: Participating in joint vulnerability assessments and penetration testing programs with manufacturers.
- Vulnerability Disclosure Programs: Encouraging and participating in coordinated vulnerability disclosure (CVD) programs to ensure that vulnerabilities are reported responsibly and patched swiftly.
- Service Level Agreements (SLAs): Negotiating comprehensive SLAs with manufacturers that explicitly define security update policies, response times for discovered vulnerabilities, and provisions for long-term support.
- Information Sharing: Establishing secure channels for sharing threat intelligence, best practices, and lessons learned between HCOs and manufacturers.
- Policy Advocacy: Working with industry associations and regulatory bodies to advocate for stronger cybersecurity standards and mandatory requirements for medical devices.
- Requesting SBOMs: Requiring manufacturers to provide a Software Bill of Materials (SBOM) for every purchased device to enhance transparency and risk management.
5.6. Continuous Risk Management and Incident Response Planning
Security is not a static state but an ongoing process. HCOs must adopt a continuous risk management framework and be prepared to respond effectively to cyber incidents.
- Regular Risk Assessments: Periodically assessing the cybersecurity risks posed by IoMT devices, taking into account new threats, vulnerabilities, and changes in the environment.
- Security Information and Event Management (SIEM) / Security Orchestration, Automation and Response (SOAR): Implementing SIEM solutions to aggregate and analyze security logs from IoMT devices and other network components. Integrating SOAR platforms can automate repetitive incident response tasks and accelerate remediation.
- Behavioral Analytics: Employing AI and machine learning-driven analytics to detect anomalous behavior patterns from IoMT devices that may indicate compromise, even if traditional signatures are not present.
- Comprehensive Incident Response Plan: Developing, testing, and regularly updating an incident response plan specifically tailored for IoMT incidents. This plan should cover:
  - Detection and analysis (how to identify a breach)
  - Containment (how to isolate affected devices without compromising patient care)
  - Eradication (how to remove the threat)
  - Recovery (how to restore services and data)
  - Post-incident analysis (lessons learned)
- Tabletop Exercises: Conducting regular tabletop exercises with clinical, IT, and cybersecurity teams to simulate various attack scenarios and refine response procedures.
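The real-time monitoring of 5.4 and the behavioral analytics of 5.6 both rest on the same idea: learn what a device normally does, then alert on deviations even when no signature exists. This added example (not code from the report) learns a per-device baseline of communication peers and transfer sizes from a learning window and then emits alerts for a live window; the log format and all log lines are constructed, and the "mean plus k standard deviations" threshold is a simple hypothetical choice standing in for a production analytics model.

```python
import statistics
from collections import defaultdict

# Constructed sample logs in a simple "ts device dst_ip dst_port bytes" format (not a real product format).
BASELINE_LOGS = """\
2025-01-01T00:00 pump-icu-07 10.1.2.20 443 1200
2025-01-01T00:05 pump-icu-07 10.1.2.20 443 1180
2025-01-01T00:10 pump-icu-07 10.1.2.20 443 1250
2025-01-01T00:15 pump-icu-07 10.1.2.20 443 1210
2025-01-01T00:20 pump-icu-07 10.1.2.20 443 1190
"""
LIVE_LOGS = """\
2025-01-02T09:00 pump-icu-07 10.1.2.20 443 1230
2025-01-02T09:01 pump-icu-07 10.1.3.30 445 950
2025-01-02T09:02 pump-icu-07 10.1.2.20 443 48000
2025-01-02T09:03 pump-icu-99 10.1.2.20 443 1200
"""

def parse(text):
    """Yield (device, dst_ip, dst_port, nbytes) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, dev, dst, port, nbytes = line.split()
        yield dev, dst, int(port), int(nbytes)

def learn_baseline(text):
    """Per-device baseline: the set of (dst_ip, port) peers seen and per-record byte statistics."""
    peers, sizes = defaultdict(set), defaultdict(list)
    for dev, dst, port, nbytes in parse(text):
        peers[dev].add((dst, port))
        sizes[dev].append(nbytes)
    return {dev: {"peers": peers[dev],
                  "mean": statistics.mean(sizes[dev]),
                  "stdev": statistics.pstdev(sizes[dev])} for dev in peers}

def detect(baseline, text, k=3.0):
    """Return (device, alert_type, detail) for devices with no baseline, never-seen peers,
    and byte counts above mean + k*stdev (a zero stdev makes any larger transfer alert)."""
    alerts = []
    for dev, dst, port, nbytes in parse(text):
        b = baseline.get(dev)
        if b is None:
            alerts.append((dev, "unknown-device", f"no baseline for {dev}"))
            continue
        if (dst, port) not in b["peers"]:
            alerts.append((dev, "new-peer", f"{dst}:{port} never seen during baseline"))
        if nbytes > b["mean"] + k * b["stdev"]:
            alerts.append((dev, "volume", f"{nbytes} bytes vs baseline mean {b['mean']:.0f}"))
    return alerts
```

On the sample data the pump's unexpected SMB contact with a workstation and its 48000-byte upload are flagged, as is a device that was never baselined; each alert tuple is the kind of record a SIEM would ingest and a SOAR playbook would act on (for example, by moving the device to a quarantine zone).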
5.7. Security Training and Awareness Programs
Human error remains a significant vulnerability. Comprehensive security training and awareness programs are critical for all personnel interacting with IoMT devices.
- Targeted Training: Providing specific cybersecurity training for clinicians, biomedical engineers, IT staff, and administrative personnel on topics relevant to their roles, such as phishing awareness, secure device handling, reporting suspicious activities, and understanding the clinical implications of cybersecurity incidents.
- Patient Education: Educating patients on the secure use of personal IoMT devices (e.g., wearables) and the importance of protecting their health data.
6. Conclusion: Navigating the Future of Secure IoMT
The integration of Internet of Medical Things devices into healthcare systems represents a paradigm shift, offering transformative benefits in terms of patient care efficacy, operational efficiency, and data-driven insights. From remote patient monitoring to advanced surgical interventions, IoMT is undeniably shaping the future of medicine. However, this profound utility is inextricably linked to substantial and evolving cybersecurity challenges.
Addressing these challenges is not merely a technical exercise but a fundamental imperative to safeguard patient safety, maintain data integrity, and preserve public trust in these burgeoning technologies. It demands a multifaceted, proactive, and collaborative approach that transcends traditional organizational silos. By adhering rigorously to a robust ‘Security by Design’ philosophy, implementing stringent technical controls such as advanced network segmentation and comprehensive inventory management, and fostering continuous vigilance through regular updates and threat monitoring, healthcare organizations can significantly enhance their resilience against cyber threats.
Crucially, the responsibility for IoMT security is a shared one. Device manufacturers must prioritize cybersecurity from concept to end-of-life, providing secure products, transparent vulnerability disclosures, and long-term support. Healthcare providers must adopt comprehensive risk management frameworks, invest in specialized security expertise and technologies, and develop robust incident response capabilities. Regulatory bodies must continue to evolve and enforce stringent, harmonized standards that keep pace with technological advancements and emerging threats. Researchers and industry consortia must continue to push the boundaries of secure IoT development.
As IoMT continues to expand its footprint within healthcare, the proactive commitment to cybersecurity will determine its ultimate success and trustworthiness. By relentlessly prioritizing security throughout the entire device lifecycle and fostering an ecosystem of shared responsibility, stakeholders can truly harness the immense potential of IoMT to revolutionize healthcare delivery safely and effectively for generations to come.
References
- Armis. (2020). Chapter 2: The Hurdles of Internet of Medical Things Security. Armis.
- Capterra. (2020). What You Need To Know About Medical IoT Security. Capterra.
- Cylera. (2020). Healthcare IoT Security 101 | Healthcare Cybersecurity. Cylera.
- EOS Intelligence. (2020). Prescribing Security: Diagnosing and Treating the IoT Universe in Healthcare. EOS Intelligence.
- European Commission. (2017). Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices. EUR-Lex.
- Financial Times. (2025). Networked devices help head off medical woes and speed recovery. Financial Times.
- Greenlight Guru. (2020). 3 Medical Device Security Challenges (and Solutions). Greenlight Guru.
- Hologram. (2020). Medical device security: Requirements, best practices, and challenges to protecting IoT in healthcare. Hologram.
- International Electrotechnical Commission. (2005). IEC 60601-1: Medical electrical equipment – Part 1: General requirements for basic safety and essential performance. IEC.
- International Electrotechnical Commission. (2006). IEC 62304: Medical device software – Software life cycle processes. IEC.
- International Organization for Standardization. (2019). ISO 14971:2019 – Medical devices – Application of risk management to medical devices. ISO.
- International Organization for Standardization, & Institute of Electrical and Electronics Engineers. (2010). ISO/IEEE 11073: Health informatics – Medical / health device communication standards. ISO/IEEE.
- SecuriThings. (2020). IoT vulnerabilities in healthcare: Tutorial & Best Practices. SecuriThings.
- U.S. Food and Drug Administration. (2018). Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. FDA.
- Varteq Inc. (2020). Healthcare IoT Security: Challenges and Best Practices. Varteq Inc.