IoT security in healthcare

Healthcare is one of the fastest growing industries within the Internet of Things. The average patient bed currently has 10-15 connected medical devices[1]. Connected medical devices – or the Internet of Medical Things (IoMT) – includes any medical device which is connected to the internet. This definition covers a large spectrum of healthcare devices, including wearable blood glucose monitors, remote patient monitoring, implantable smart pacemakers, insulin infusion pumps, and much more.

The Internet of Things (IoT) continues to transform the healthcare industry, providing more innovative solutions for patients and healthcare providers. It is essential that connected medical devices are secured and protected from malicious attacks, data breaches or unauthorized access to protect patients.

Along with connected medical devices, many other pieces of equipment used in the healthcare industry are connected to the cloud and are therefore part of the Internet of Things. These include cameras, routers, connected elevators, personal mobile phones and more. These devices must also be protected and secured to safeguard patients and healthcare employees.


Digitally signed firmware

Unauthorized software and firmware updates can pose a real threat to healthcare organizations and connected medical devices. Digitally signed firmware blocks unauthorized updates to a device’s firmware or software. This technology prevents malicious modifications of connected medical devices, protecting against potential data theft, data manipulation, and data destruction. The firmware utilizes digital keys and signed code to validate authenticity, and to confirm that the update has not been altered.

Device identity lifecycle management and PKI

Categorizing and identifying devices within the network is an essential part of IoT security in healthcare. If unauthorized devices gain access to the network, they can exploit any potential vulnerabilities.

Public key infrastructure (PKI) can be leveraged to provide each device with a unique identity that will be verified when the device attempts to connect to a gateway or server. Device identity lifecycle management allows healthcare organizations to restrict device access to programs, data, and networks.

This process uses a certificate authority (CA), which is a trusted authority that sits as a third party between the server and the connected medical device. Both the server and the device are issued public / private key pairs with corresponding digital certificates. The digital certificates are issued by the certificate authority to verify the key holder is legitimate. Each time the connected medical device attempts to connect to the server a verification process takes place to ensure the IoT devices, and the server are both secured and authorized to gain access to each other.

Network authorization

Network authorization is closely linked to device identity lifecycle management. The principle is to provide permissions to authorized devices to access the agreed networks. Devices are permitted based on their digital certificates and digital identities.

To protect connected medical devices even further, a zero trust architecture (ZTA) is recommended. This approach is associated with continuous monitoring and validation of devices to ensure only the agreed IoMT are allowed to access the hospital’s network.
After identifying unauthorized or cloned devices trying to gain access in real-time, unauthorized devices are blocked, and access revoked to contain threats.

Managed detection and response (MDR) for OT and IoT

Research conducted by the Ponemon group[1] shows it takes 280 days on average to identify and contain a data breach . In the healthcare industry this average time is not acceptable and could cause considerable risk to patient care. Managed detection and response works continuously to automatically detect and respond to threats in near real-time. Threats can be automatically contained and stopped from spreading further into deeper restricted systems, such as gaining access to IoMT devices. This reduces the amount of time a cybersecurity hacker has access to the environment, known as dwell time.

MDR leverages artificial intelligence and machine learning, as well as advanced security analytics on endpoints and user behavior. This combination of metrics enables MDR to provide deeper and quicker detection and threat containment.


Asset Discovery

Asset discovery is the process of actively keeping track of what IoT devices are active or inactive within the system. By actively monitoring and being aware of each device’s name, model and serial number the system can be protected from any unknown IoT device trying to gain access. Asset discovery analyzes device behavior, categorizes and monitors activity. Logs contain information on the type of IoT devices connected, time active, level of complexity and many other variables. Any suspicious behavior is identified and contained quickly and efficiently, reducing the risk to patients.

For more information about how Atos can help to protect your healthcare organizations medical devices and IoT security, along with full end to end cybersecurity solutions contact our healthcare team.

Related resources


Digital Security Magazine

Read more on the future of IoT and OT security.


Cybersecurity, the emerging challenge of the Internet of Things

By allowing the physical world to be attached to the world of information, the IoT opens the door to the development of countless services. What is the role of cybersecurity when it comes to IoT?


Atos single pane of glass for OT, IoT & IT Security

Our cybersecurity offerings include Atos’ IoT security suite, OT security suite, MDR for OT/IoT (managed detection and response) and Atos cybersecurity professional services. Read more.