According to a recent AllTheResearch report, the global Internet of Medical Things (IoMT) market is growing annually at 24.4%, and will reach $254.2 billion in 2026. This is one of the fastest-growing markets, with the number of IoMT devices having proliferated at a bewildering rate to 20-30 billion devices in 2020.
IoMT devices provide significant business benefits to healthcare delivery organizations (HDOs) including improved patient care, lower per patient cost, improved patient experience, and reduced burden on practitioners. However, twin issues of management and monitoring of these devices have created new challenges for HDOs. In particular, securing these devices is critical to maximizing the business benefits.
The good news is that help is available through a constellation of vendors that can help HDOs meet these challenges. But success depends on making a solid pick. Technology provided by these vendors is complex, so picking a vendor could be daunting. Consider the following four criteria before making your decision:
- Secure before procure. The best mitigation strategy is to only buy secure devices. Technology can help in modeling risk for any new device before connecting it to the network. Your IoMT security vendor should provide secure configuration guidelines on how to connect and configure medical devices in the healthcare environment. Your IoMT security vendor should allow risk modeling to assess and quantify risk based on the potential future state of devices on the network.
- Passive data collection. Many IoMT devices are susceptible to malfunction if a procedure is performed concurrently with a vulnerability scan. Active scanning of devices can also jeopardize patient safety. Passive scanning ensures that data collection is non-intrusive and not resource intensive.
- Identify exploitable vulnerabilities and prescribe mitigation strategy. Just identifying the vulnerabilities is not enough. Technology has to calculate attack vectors to establish if a vulnerability can be exploited. Calculating attack vectors requires research on the vulnerability and real-time, deep analysis of the environment and ecosystem specific to each device and hospital. If a vulnerability is exploitable, potential mitigation strategies should be suggested. Remember that segmentation or patching is not always the correct solution or the only solution.
- Forensic data analysis. In an unfortunate event where an HDO has to endure a security breach or patient safety incident, a root cause analysis is required to ensure that a similar breach does not happen in the future. A security vendor needs to have the capability to collect all network and related data, including examination of raw packets for forensic analysis.
HDOs can greatly benefit by leveraging IoMT devices in improving operations. Realizing the full potential of IoMT devices is a journey and selecting a good fit for an IoMT cybersecurity provider is the critical first step.
Dinesh Katiyar is head of business development at Asimily.