Chapter 1: How to innovate in healthcare with IoMT devices without exposing the expanding cyber attack surface

With the rise of the Internet of Medical Things (IoMT), the healthcare ecosystem is getting smarter – but more vulnerable to cyberattacks, too.

From robotic arms that aid surgeries to wearable or ingestible sensors that pair with your smartphone to monitor your health, connected medical devices are a market in expansion. Smart hospitals are expected to deploy over 7 million IoMT devices by 2026 – more than twice that of 2021, per Juniper Research.

What is the Internet of Medical Things (IoMT)?

As a subset of the Internet of Things (IoT) in healthcare, Internet of Medical Things refers to connected healthcare devices and applications. Since medical devices are not designed with security mind, they are often vulnerable to cyberattacks — and have become a growing target of cybercrime.

So you should get prepared.

IDC predicts there will be over 55 billion Internet of Things (IoT) devices by 2025. And it’s concerning that 57% of healthcare security professionals don’t fully understand the risks associated with unmanaged and IoT devices, according to our report on IoT security. There’s even a lack of understanding of what counts as Internet of Things in healthcare:

• 48% think that MRIs, X-ray, and ultrasound machines that connect to the network don’t count as IoT technology.  
• 41% think that biomedical devices (infusion pumps, ventilators, crash carts) that use Wi-Fi or Bluetooth don’t count as IoT-enabled devices. 

This knowledge gap hinders hospitals’ ability to implement the right medical device security solution. IoMT devices are often unmanaged and, as such, more vulnerable than managed computers because they cannot be secured with traditional security tools, such as agents and scans.

IoMT examples that expand your cybersecurity attack surface

Trends of digital transformation in healthcare have increased the push for IoMT technology. But while implementing those innovations, equally important is to build hospital cybersecurity resilience along the way.

Here are four IoMT examples to take into account when identifying your cyber attack surface — that means, all the possible entry points for an unauthorized access.

• Robotic surgery. With the use of robotic arms, doctors can perform more complex and precise procedures – even remotely. These procedures are considered less invasive and have use cases such as coronary artery bypass and mitral valve surgery.
• Remote monitoring. Personal emergency response systems (PERS) and remote patient monitoring (RPM) solutions can send automatic alerts in case of distress.
• Wearable devices. Sensors and trackers can monitor sleep patterns, glucose levels, blood pressure, electrocardiogram patterns etc. Devices and supporting platforms certified by regulatory or health authorities include pills that track the ingestion of medicaments, neurostimulators that offer relief from chronic pain, and pacemakers with remote heart rate monitoring functions.
• Automated drug delivery. Connected infusion pumps and smart drug dispensing cabinets in hospitals enable the automated delivery of medication and can be controlled through the internet.

These connected devices could potentially be exploited to malfunction and cause harm to patients. Attackers might also use medical devices as a back door to break into hospital networks. Health data breaches are another concern. A report from the U.S. Government Accountability Office shows that the number of reported breaches involving protected health information (PHI) is increasing yearly, reaching 714 breaches of more than 500 records last year.

Risks go beyond connected medical devices

The convergence with devices that are not necessarily medical, but are used as such, also expands the attack surface. For example, vendors are using Samsung Galaxy and Raspberry Pi to power medical devices as a way to lower costs. This clinical usage poses a security blind spot, especially if your security tool thinks it’s dealing with a tablet, rather than understanding that it might have, for example, an ultrasound component connected to it.

Traditional IT devices such as printers in doctor’s offices and operational technology (OT) – think of pressure setting for infection control during surgeries – also pose cybersecurity risks. From check-in kiosks to nurse call systems and defibrillators, patients are surrounded by devices throughout their hospital stay. Another example of the pervasiveness of IoT in healthcare is the increased use of surveillance webcams to help protect physicians and nurses from growing workplace violence. 

To learn more healthcare cybersecurity, download our white paper on medical and IoT device security.

IoMT device security requires comprehensive asset visibility

Asset visibility is critical not only to increased hospital cybersecurity but also to improved operational efficiency and return on investment (ROI). Hospitals can better understand:

• Where is the device is located? When and how is it used? 
• What are the risks associated with the device? Is it patched?

This type of information helps both clinical teams with device utilization trends and cybersecurity personnel with vulnerability management.

Start with medical device inventory

For comprehensive device inventory and visibility, your cybersecurity solution needs to identify all assets in your environment (on and off-network), including those that cannot accommodate security agents. The monitoring needs to be continuous and passive because scans are disruptive and can cause devices to crash.

The Armis platform can do that, and more. Armis discovers, classifies, and provides additional context about each asset. A comprehensive device inventory generates information such as category, manufacturer, FDA classification, operating system version, installed applications, connections, activities, risk factors, and more.

Armis can understand not only what the device is and what it is doing, but also what it should be doing. Armis compares real-time device activity to historical behavior and baselines stored in our Collective Asset Intelligence Engine — the world’s largest device knowledgebase, tracking over two billion assets and growing. Real-time monitoring is critical to detect threats and trigger proactive incident remediation. 

Ready to make the most of your IoMT devices while minimizing risks to patient care? Request a custom demo and discover all Armis can do for your health delivery organization.

Frequently Asked Questions

Check out all IoMT Playbook Chapters:

1. Chapter 1 – How to innovate in healthcare with IoMT devices without exposing the expanding cyber attack surface 👈 you are here
2. Chapter 2 – The Hurdles of Internet of Medical Things Security
3. Chapter 3 – A history of medical device hacking
4. Chapter 4 – How to mitigate ransomware in healthcare
5. Chapter 5 – How to minimize the clinical risks of unsecured healthcare devices
6. Chapter 6 – How to improve patient data security
7. Chapter 7 – Why healthcare IT security can’t protect against IoMT vulnerabilities
8. Chapter 8 – How to spot the top indicators of compromise in healthcare
9. Chapter 9 – The fundamentals of medical device cybersecurity 
10. Chapter 10: Which role can you play in strengthening cybersecurity in healthcare moving forward?