Safeguarding Healthcare Organizations from IoMT Risks

November 18, 2024

Internet of Medical Things (IoMT) devices have become an essential part of the healthcare industry. The global healthcare medical device market is expected to reach 322 billion USD by 2027, indicating the high level of adoption that has already occurred and even higher levels yet to occur. These devices process vast amounts of sensitive medical data used to make critical decisions about the health of patients. However, because of their interconnected nature, these devices come with inherent risks, not only of data loss but potentially of loss of life.

Protected Health Information (PHI) and Electronic Health Records (HER) are both highly sought after by threat actors because of their high value on the dark web. Ransomware operators in particular have made large sums of money by ransoming medical records. In the well-known ransomware attack against Change Healthcare, 4TB of medical records were exfiltrated by the AlphV ransomware group, resulting in a ransom payment of 22 million USD. In many cases, the attack vector through which threat actors can get at these valuable records is through IoMT devices, which are not designed with security in mind. Security researchers have found many zero-day vulnerabilities in various IoMT devices allowing for unauthorized data retrieval. As an example, studies conducted on the GE HealthCare Vivid Ultrasound product family in May of this year found 11 high-severity security flaws that would enable threat actors to gain unauthorized access to the device, exfiltrate credentials, and even lock down the entire system. Some vulnerabilities may have even more dire consequences than this. In 2021, researchers at McAfee identified severe vulnerabilities in a brand of infusion pump that allowed a threat actor to gain command line access to the device and potentially deliver lethal doses of medication to patients, resulting in loss of life. These were vulnerabilities that were caught and patched: without close oversight, other vulnerabilities may still exist in these devices that endanger the safety and privacy of patients.

In order to address these problems, researchers have encouraged developers of IoMT devices to adopt the Zero Trust framework, which adheres to the principle of least privilege and restricts data access. Network segmentation has also been commonly stressed, meaning that these sensitive devices need to be kept separate from less critical access terminals, lowering the number of possible entry points from lateral movement. As always, network security is a series of trade-offs between protection and convenience, and when disruptions in convenience could damage the quality of a patient’s care, figuring out what measures can be safely taken is more important than ever. But for the sake of the healthcare industry as a whole and the lives of patients in particular, IoMT security cannot be ignored.

More from Blackwired

December 9, 2024

The Shocking Speed of AWS Key Exploitation

AWS keys exposed online are exploited in minutes, highlighting the need for faster detection and response to prevent breaches.

Read more
December 2, 2024

Advanced Cyberthreats Targeting Holiday Shoppers

The holiday season sees increased e-commerce scams, with AI-driven phishing, fake sites, and data theft targeting consumers and businesses.

Read more
November 25, 2024

Middle East Cybersecurity in 2024: From Zero-Day Exploits to Supply Chain Attacks

In 2024, the Middle East faces rising cyberattacks, with governments and infrastructure targeted; regional cybersecurity efforts grow.

Read more