What is IoMT?

Internet of Medical Things (IoMT) refers to medical devices and applications with Internet connectivity. It’s a subset of Internet of Things (IoT) and, for this reason, is often referred to as IoT in healthcare.

The overall category of IoT devices is typically more consumer-oriented, focusing on usability and convenience. IoT devices include smart TVs, lighting apps, voice assistants—really any number of smart, connected devices. IoMT devices and applications are designed with healthcare in mind, including:

• Smart thermometers and infusion pumps
• Remote patient monitoring (R\PM) devices
• Personal emergency response systems (PERS)
• Heart rate sensors and glucose monitors
• Ingestible sensors and cameras
• MRI machines

Benefits of IoMT

Connected medical devices help healthcare workers deliver faster and better care. Use cases range from robotic surgery to glucose monitoring. Benefits of IoMT include:

• Improved treatments and cost savings
• Faster and precise diagnostics, as IoMT technology can track patient’s vital signs in-depth and detail
• Better patient monitoring, without requiring visits to a medical facility

IoT Security Challenges in Healthcare

The proliferation of connected devices in hospitals and medical facilities expands these organizations’ attack surface. Medical data privacy is also a concern and subject to regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).

In addition, IoMT devices have unique cybersecurity challenges. For example:

• IoMT devices are often not built with security in mind and lack inherent controls. And many of those devices in use are based on old and vulnerable software and cannot be easily updated or patched.
• Traditional IT security tools can’t see or secure IoMT assets because the devices cannot accommodate endpoint agents. Scans are disruptive and can cause IoMT systems to crash.
• Device certification requirements complicate the patching process, leading to vulnerability and exposure to cyberattacks.

Limited correlation of security vulnerabilities with safety impact potentially causes issues with prioritization of information security response and recovery workflows.