Why Security Misconceptions Are Threatening Healthcare Systems’ IoT Devices

by Dinesh Katiyar, Head of Business Development at Asimily | 11/28/2022

Hospitals and other critical healthcare systems face skyrocketing risks as ransomware attacks—which most commonly target IoT devices—continue to escalate. In 2021 alone, IoT ransomware attack incidents targeting healthcare organizations increased by 123%. 

While most healthcare systems have a healthy respect for the importance of securing the myriad Internet of Medical Things (IoMT) devices humming within their facilities, many harbor misconceptions that hamper their ability to implement optimal IoMT security protections and best practices. These misconceptions, and the stark realities that healthcare organizations should instead understand and base their practices upon, include:

1) “Traditional IT security tooling will suffice.”

Healthcare systems too often make the mistake of believing that all device security is the same—and that the protections they have in place for standard IT devices, such as servers and laptops, can also effectively protect IoMT devices. 

Traditional IT security cannot reliably secure IoMT devices for a number of reasons. First, many traditional security tools leverage active scanning to detect threats. But a high percentage of IoMT devices can’t withstand active scans and will crash, potentially impacting patient health. Tools designed to secure traditional devices are also unlikely to reliably discover and inventory IoMT devices, and cannot protect what they don’t know is there. Such approaches also lack any ability to assess or contextualize risks associated with non-connected IoMT devices.

The better approach is enlisting a security strategy intended for the task at hand. Effective security will leverage IoMT-specific data, frameworks, and MDS2 manufacturer disclosure statements to understand and mitigate known vulnerabilities. IoMT security also requires a thorough understanding of each device’s connections and surrounding ecosystem: these details are essential to determining whether IoMT device vulnerabilities represent true threats that actually need to be addressed. 

2) “Adding IoMT-specific security is beyond our budget.”

IT and security decision-makers within healthcare organizations are inherently budget-conscious, and need to be. However, the real potential for attacks to impact patient health and for security shortcomings to result in six- or seven-figure regulatory penalties strongly supports the argument that they can’t afford not to invest in IoMT security.

Much like in the healthcare industry itself, an ounce of IoMT security risk prevention is worth a pound of cure. And implementing effective IoMT security enables further cost controls by eliminating much of the existing spending needed to identify and fix device vulnerabilities (as well as vastly increasing efficiency by flagging the vulnerabilities that do and do not pose an actual risk). IoMT security insights can also enable more efficient device procurement, offering greater visibility for maximizing the ROI of a more comprehensive security strategy.

3) “Data collection for IoMT security purposes increases HIPAA violation risks.”

Certainly, healthcare systems must prioritize the security of protected health information (PHI) and adherence to HIPAA regulations. This doesn’t just protect patients, but also avoids both fines and reputational damage. To continually achieve compliance, IT and security teams carefully enforce data sharing restrictions upon any information transmitted to vendors or the cloud. 

However, the notion that collecting data to inform secure IoMT practices raises the risks of violating HIPAA is false. IoMT security analysis focuses on network traffic data, which doesn’t include PHI data. Security safeguards can also apply filters that prevent transmission of PHI over the cloud, and the cloud itself can be made HIPAA compliant. Using a fully on-premises IoMT infrastructure can effectively prevent outside data transmission and risk as well.

4) “IoMT security deployments require months of effort.”

While deploying a new electronic health records system might take an organization a full year to complete, IoMT-specific security implementations are an entirely different path forward with a much swifter process. IoMT security enlists many cloud-based safeguards, which require none of the hardware procurement or lengthy production deployments that drag out implementations in other areas. IoMT security systems that do rely on edge devices can still be implemented in just hours. In general, there’s nothing overly cumbersome or drawn out about deploying IoMT-specific security.

The truth: IoMT-specific security is within reach.

If current trends continue as predicted, ransomware and other attacks on IoMT devices will only become more frequent. For healthcare systems, avoiding breaches that expose data and the business itself to costly fines and crushing reputational damage is crucial. Attackers would love for IT decision-makers to continue believing that the IoMT is far too complex and challenging to secure properly. Fortunately, the expense and difficulty of adopting highly effective IoMT-specific security measures aren’t nearly as daunting as the still-common misconceptions suggest.


About Dinesh Katiyar
Dinesh Katiyar is Head of Business Development at Asimily. His career in technology has included leadership roles at Glassbeam, SnapLogic, and Informatica, among others.

Copyright © 2025. HIT Consultant Media. All Rights Reserved.