Claroty Named a Strong Performer in The Forrester Wave™: Operational Technology Security Solutions, Q2 2024
Download the Report
Claroty Toggle Search

Blog / 8 min read

IoMT 101: Guide to Internet of Medical Things Security

The Claroty Team
/ March 10th, 2023
IoMT 101: Guide to the Internet of Medical Things

Living in a world with what seem like endless cybersecurity terms and acronyms can be daunting and at times can prove difficult to define. As we continue to explore the broad scope of the Internet of Things (IoT), we must understand that IoT can mean different “things” in different industries and environments. The Internet of Medical Things (IoMT), for instance, is also often referred to as healthcare IoT, and it represents the network of connected medical devices, hardware infrastructure, and software applications that are used to connect healthcare information technology. 

What is IoMT?

IoMT encompasses various wearable devices such as smartwatches that can track health metrics, remote patient monitoring such as blood glucose monitors or ECG machines, and medical imaging systems such as MRI machines or CT scanners. The data collected from IoMT devices can be used to improve patient outcomes, enhance the efficiency of healthcare delivery, and enable remote patient monitoring and telemedicine services.

IoMT devices are essential to healthcare delivery organizations (HDOs) because they carry out and help optimize various functions essential to patient care, including blood pressure monitors and dialysis machines that can transmit data to healthcare providers remotely, allowing them to monitor patients' health conditions in real-time. The IoMT is undeniably shaping the future of healthcare by improving the quality of care, and reducing the burden of costs and patient care complexities. However, as these new devices are introduced to the IoMT, they not only revolutionize patient care, but cause increased cybersecurity risk due to their interconnectivity. 

What’s The Difference Between IoT and IoMT?

Before we dive into the risks associated with IoMT devices, we must first understand the difference between the IoT and IoMT. The internet of things is a broader term describing a network of physical devices containing technologies that communicate and exchange data with other devices and/or systems over the internet. Examples of IoT devices can range from “smart” versions of household appliances like refrigerators, fans, or lighting systems to sophisticated pieces of industrial equipment that support automation, remote monitoring, or supply chain optimization. The IoMT, on the other hand, is specific to healthcare and medical applications. Examples of IoMT devices include remote patient monitoring (RPM) machines, medical imaging systems, sensors that track medication orders, infusion pumps that administer medications, biosensors located in wearables or implanted inside the human body that monitor vital signs, and more. Due to the sensitive nature and strict regulations surrounding healthcare data and privacy — and, more importantly, the harmful impact these devices can have on patients' health and safety if compromised — IoMT demands a more comprehensive security strategy than other IoT systems. 

What Does This Mean For My Security Team? 

Cyber-physical devices — including IoMT — are often not designed with security in mind, making them especially vulnerable to compromise via cyber threats. Furthering the issue, IoMT devices have more dire consequences than any other cyber-physical systems (CPS). That's because unlike other connected devices, IoMT devices have patient risks associated, and if compromise, can endanger patient safety. Myriad stakeholders are also involved in the IoMT ecosystem, causing unique legal, regulatory, technical, and privacy challenges. These challenges make it difficult for security teams to gain complete visibility of assets, hindering their ability to manage risk, protect their most critical IoMT devices, and respond quickly to incidents. 

Many HDOs are inundated with an overload of IT management and security solutions, but fall short of what is actually required for comprehensive visibility — much less protection — of their IoMT devices. Without the integration of a proper CPS security solution, unprotected medical devices can put healthcare operations and, more importantly, patient lives at risk. With device visibility and protection, your organization can proactively mitigate risks and exploitable vulnerabilities, and stop cybercriminals from performing a number of malicious actions — with consequences ranging from obtaining sensitive patient information (i.e. health, personal, and insurance data) to ransom attacks that have led to a loss of life. As we’ve been learning throughout this series, cyber-physical convergence has caused a multitude of cyber risks, but the IoMT poses arguably the most personal and detrimental of those risks — making safety and security paramount. 

How to Address IoMT Security Head-On 

If your organization faces the urgent need to tackle IoMT security challenges, we’ve got the inside scoop on how to implement a successful IoMT security strategy:

Step 1: Device Discovery

First, HDOs must consider the scope of connected devices in their XIoT environment. Executing device discovery will allow organizations to understand how and what devices are communicating across the network and provide enterprise-wide visibility. By tracking all things physical and virtual across the patient journey in real-time, HDOs can begin to protect their healthcare ecosystem from cyberattacks and downtimes, and ensure optimal patient care delivery. Discovery is a critical first step to securing the IoMT ecosystem as it allows for fine-grain controls to then be implemented throughout the remainder of these steps.

Step 2: Vulnerability Identification

Once all devices are discovered and cataloged within a centralized, real-time inventory, the second step in establishing strong IoMT security is assessing what vulnerabilities are present within those devices and elsewhere in your environment. Due to a diverse number of devices and types of systems in hospital networks, it can be difficult to track assets and manage their vulnerabilities. By obtaining a complete and detailed report of every device and its associated risk, you can understand how much of an impact newly published vulnerabilities are likely to have on your environment. With a solution that automatically correlates devices with known vulnerabilities as they are disclosed, security teams can take a less tedious and error-prone route to risk remediation. This degree of automation and precision provides the granular visibility your organization needs to patch or segment devices quickly and efficiently, and to prevent future risk. 

Step 3: Device Protection

The next step in improving IoMT security posture is network-centric protection. During this stage, segmentation initiatives are typically planned and executed. But first, HDOs must ensure they have the required visibility and risk assessment foundation they need to begin their segmentation project. Once vulnerability and risk management is assessed, inter-device relationships can be successfully profield and mapped, allowing organizations to determine how the devices within the network are communicating under normal circumstances. This information can be used to establish each device’s behavioral baseline, from which a series of suitable network policies can then be created, monitored, refined, and tested to ensure accuracy, and enforced via network infrastructure components such as network access control (NAC) solutions or firewalls. This approach to network segmentation helps minimize cyber risks to care delivery by obstructing a malicious actor’s ability to move laterally across the network, reducing the potential impact of a cyber attack — and, most importantly, ensuring care protocols and safely patient are prioritized above all else.

Step 4: Monitoring

The goal of step four is to ensure security operations center (SOC) personnel can detect, analyze, and respond to potential threats to IoMT devices and the care delivery operations they support in as close to real-time as possible. Although discovering, assessing, and protecting the IoMT are essential in preventing cyberattacks, sometimes a breach is inevitable no matter what steps you have in place. That’s why a SOC’s role is key in continuous monitoring to prevent attacks from happening in the first place. With continuous monitoring — and the set-up of a knowledge base containing all authorized internal and external connections — an analyst can be alerted when unauthorized behavior is detected. Effectiveness during this step requires the ability to accurately detect and respond to suspicious medical device communications, which is why it’s important for healthcare organizations to team up with the right CPS security vendor to meet their unique IoMT needs. 

Step 5: Optimization

Now that assets have been discovered, assessed for vulnerabilities, protected by segmentation, and are continuously being monitored, HDOs can focus on optimizing their operations. In step five, healthcare organizations should focus on capturing and enriching asset utilization and efficiency data. This data will prove vital in informing decision-making when it comes how assets are purchased, maintained, and allocated. This new dimension of insight will help improve inventory management in support of maintenance-based operational efficiencies and deliver insights that drive smarter supplier selection processes and procurements. To make managing all the connected devices in your IoMT environment easy, Medigate by Claroty has developed a Clinical Device Efficiency (CDE) module. 

The Claroty Solution for IoMT

Securing your healthcare IoT or IoMT requires a new strategy and coordinated approach as HDO systems converge and the threat from connected devices increases. IT, security, and BioMed teams need details about every medical device in their environment, and a comprehensive understanding of how they operate in the network. With new and costly devices constantly being introduced into the environment, organizations need a solution covering the entire risk spectrum while ensuring the uninterrupted usability of these devices.

Medigate by Claroty combines an understanding of proprietary protocols, clinical workflows, and extensive cybersecurity expertise to deliver accurate connected device identification, a customized risk framework, network-centric policy enforcement, and operational efficiencies. More and more organizations are aiming to empower and transform the care they give to patients. That’s why Claroty partners with HDOs to help them accomplish better outcomes, improve efficiency and deliver advanced care to patients — giving them the confidence they need to connect their devices and safely enable their real-time healthcare initiatives. 

Stay in the know

Get the Claroty Newsletter

Featured Articles

Interested in learning about Claroty's Cybersecurity Solutions?

LinkedIn Twitter YouTube Facebook