Safeguarding Healthcare Organizations from IoMT Risks

November 18, 2024

Internet of Medical Things (IoMT) devices have become an essential part of the healthcare industry. The global healthcare medical device market is expected to reach 322 billion USD by 2027, indicating the high level of adoption that has already occurred and even higher levels yet to occur. These devices process vast amounts of sensitive medical data used to make critical decisions about the health of patients. However, because of their interconnected nature, these devices come with inherent risks, not only of data loss but potentially of loss of life.

Protected Health Information (PHI) and Electronic Health Records (EHR) are both highly sought after by threat actors because of their high value on the dark web. Ransomware operators in particular have made large sums of money by ransoming medical records. In the well-known ransomware attack against Change Healthcare, 4TB of medical records were exfiltrated by the AlphV ransomware group, resulting in a ransom payment of 22 million USD. In many cases, threat actors reach these valuable records through IoMT devices, which are not designed with security in mind. Security researchers have found many zero-day vulnerabilities in various IoMT devices that allow unauthorized data retrieval. As an example, studies conducted on the GE HealthCare Vivid Ultrasound product family in May of this year found 11 high-severity security flaws that would enable threat actors to gain unauthorized access to the device, exfiltrate credentials, and even lock down the entire system. Some vulnerabilities may have even more dire consequences than this. In 2021, researchers at McAfee identified severe vulnerabilities in a brand of infusion pump that allowed a threat actor to gain command line access to the device and potentially deliver lethal doses of medication to patients, resulting in loss of life. These were vulnerabilities that were caught and patched: without close oversight, other vulnerabilities may still exist in these devices that endanger the safety and privacy of patients.

To address these problems, researchers have encouraged developers of IoMT devices to adopt the Zero Trust framework, which adheres to the principle of least privilege and restricts data access. Network segmentation has also been commonly stressed, meaning that these sensitive devices need to be kept separate from less critical access terminals, lowering the number of possible entry points for lateral movement. As always, network security is a series of trade-offs between protection and convenience, and when disruptions in convenience could damage the quality of a patient’s care, figuring out what measures can be safely taken is more important than ever. But for the sake of the healthcare industry as a whole and the lives of patients in particular, IoMT security cannot be ignored.
