Why Security Misconceptions Are Threatening Healthcare Systems’ IoT Devices

by Dinesh Katiyar, Head of Business Development at Asimily, 11/28/2022


Hospitals and other critical healthcare systems face skyrocketing risks as ransomware attacks—which most commonly target IoT devices—continue to escalate. In 2021 alone, IoT ransomware attack incidents targeting healthcare organizations increased by 123%. 

While most healthcare systems have a healthy respect for the importance of securing the myriad Internet of Medical Things (IoMT) devices humming within their facilities, many harbor misconceptions that hamper their abilities to implement optimal IoMT security protections and best practices. These misconceptions, and the stark realities that healthcare organizations should instead understand and base their practices upon, include:

1) “Traditional IT security tooling will suffice.”

Healthcare systems too often make the mistake of believing that all device security is the same—and that the protections they have in place for standard IT devices, such as servers and laptops, can also effectively protect IoMT devices. 

Traditional IT security cannot reliably secure IoMT devices for a number of reasons. First, many traditional security tools leverage active scanning to detect threats. But a high percentage of IoMT devices can’t withstand active scans and will crash, potentially impacting patient health. Tools designed to secure traditional devices are also unlikely to reliably discover and inventory IoMT devices, and cannot protect what they don’t know is there. Such approaches also lack any ability to assess or contextualize risks associated with non-connected IoMT devices.

The better approach is enlisting a security strategy intended for the task at hand. Effective security will leverage IoMT-specific data, frameworks, and MDS2 manufacturer disclosure statements to understand and mitigate known vulnerabilities. IoMT security also requires a thorough understanding of each device’s connections and surrounding ecosystem: these details are essential to determining whether IoMT device vulnerabilities represent true threats that actually need to be addressed. 

2) “Adding IoMT-specific security is beyond our budget.”

IT and security decision-makers within healthcare organizations are inherently budget-conscious—and need to be. However, the real potential for attacks to impact patient health and for security shortcomings to result in six- or seven-figure regulatory penalties strongly supports the argument that they can’t afford not to invest in IoMT security.

Much like in the healthcare industry itself, an ounce of IoMT security risk prevention is worth a pound of cure. And implementing effective IoMT security enables further cost controls by eliminating much of the existing spending needed to identify and fix device vulnerabilities (as well as vastly increasing efficiency by flagging the vulnerabilities that do and do not pose an actual risk). IoMT security insights can also enable more efficient device procurement, offering greater visibility for maximizing the ROI of a more comprehensive security strategy.

3) “Data collection for IoMT security purposes increases HIPAA violation risks.”

Certainly, healthcare systems must prioritize the security of protected health information (PHI) and adherence to HIPAA regulations. This doesn’t just protect patients, but also avoids both fines and reputational damage. To continually achieve compliance, IT and security teams carefully enforce data sharing restrictions upon any information transmitted to vendors or the cloud. 

However, the notion that collecting data to inform secure IoMT practices raises the risks of violating HIPAA is false. IoMT security analysis focuses on network traffic data, which doesn’t include PHI data. Security safeguards can also apply filters that prevent transmission of PHI over the cloud, and the cloud itself can be made HIPAA compliant. Using a fully on-premises IoMT infrastructure can effectively prevent outside data transmission and risk as well.

4) “IoMT security deployments require months of effort.”

While deploying a new electronic health records system might take an organization a full year to complete, IoMT-specific security implementations follow an entirely different and much swifter process. IoMT security enlists many cloud-based safeguards, which require none of the hardware procurement or lengthy production deployments that drag out implementations in other areas. IoMT security systems that do rely on edge devices can still be implemented in just hours. In general, there’s nothing overly cumbersome or drawn out about deploying IoMT-specific security.

The truth: IoMT-specific security is within reach.

If current trends continue as predicted, ransomware and other attacks on IoMT devices will only become more frequent. For healthcare systems, avoiding breaches that expose data and the business itself to costly fines and crushing reputational damage is crucial. Attackers would love for IT decision-makers to continue believing that the IoMT is far too complex and challenging to secure properly. Fortunately, the expense and difficulty of adopting highly effective IoMT-specific security measures aren’t nearly as daunting as the still-common misconceptions suggest.


About Dinesh Katiyar
Dinesh Katiyar is Head of Business Development at Asimily. His career in technology has included leadership roles at Glassbeam, SnapLogic, and Informatica, among others.

Copyright © 2025. HIT Consultant Media. All Rights Reserved.