Understanding the Importance of IoMT Security
The internet of medical things (IoMT) has transformed healthcare delivery with real-time diagnostics, improved operational efficiency, and greater accessibility of care. Yet, connected medical devices often lack robust built-in security, making them easy entry points for threats against the healthcare industry. Strong IoMT security has become essential to ensure patient safety, protect sensitive data, and maintain operations.
Overview
• IoMT devices transform healthcare but are vulnerable to cyberattacks like ransomware, data breaches, and device tampering.
• Weak encryption, outdated software, and flat networks open IoMT systems to significant risks.
• Zero trust strengthens IoMT security with least-privileged access, device communication monitoring, and blocking of unauthorized actions.
• AI and ML improve IoMT defense by detecting unusual behavior and automating responses to threats.
• Zscaler secures IoMT by reducing attack surfaces, segmenting networks, and protecting patient data.
What Is the Internet of Medical Things (IoMT)?
The internet of medical things (IoMT) is a network of internet-connected devices and systems that gather, relay, and analyze health data. By enabling remote monitoring and other new care methodologies, they help healthcare workers deliver more effective and prompt patient care.
Some key IoMT devices include:
- Wearable devices such as fitness trackers, blood oxygen monitors, and glucose monitors, which collect and transmit patient health information
- Smart imaging systems such as MRI and CT scanners, which store and share medical images with specialists to enable faster diagnoses
- Connected surgical instruments such as robotic surgery systems and other tools for use in procedures that require extreme precision
- Patient monitoring systems such as heart monitors and other IoMT devices used in ICU settings to provide real-time updates on patient vitals
- Infusion pumps, ventilators, and other devices that deliver medicine or sustain life while connected to broader hospital networks
Why IoMT Security Matters
While IoMT devices offer incredible benefits, every device is also a potential entry point for attacks. The healthcare industry is already an attractive target, especially for ransomware. Medical data fetches high prices on the black market, and the sensitive, often urgent nature of care delivery means care providers can't afford downtime.
Many IoMT systems are vulnerable because they simply weren't built with security in mind. Common issues include:
- Weak authentication mechanisms: With stolen credentials still the top attack vector worldwide, simple username-and-password login is not enough to stop unauthorized access.
- Limited encryption: Many IoMT devices, especially resource-constrained ones like wearable devices, do not encrypt sensitive patient data in transit or at rest, leaving it exposed.
- Outdated software and firmware: Because high uptime requirements make some systems difficult or even impossible to update, many IoMT devices have unpatched security gaps.
- Traditional flat networks: On a network that lacks effective microsegmentation and least-privileged access controls, one compromised device can quickly infect the whole environment.
Ransomware attacks on healthcare increased nearly 1,200% from 2022 to 2024, putting the sector among ransomware's top three targets. Healthcare is a popular target because the stakes are high, and attackers know it.
What Do Attackers Stand to Gain?
Threat actors' main motivation for attacks on the healthcare industry is profit. A single medical record can sell on the dark web for US$250, and by some estimates, as much as $1,000. Buyers can use the extensive personal details within to perpetrate identity theft, insurance fraud, and more.
By comparison, one set of credit card details can fetch from $10 to $240, according to Experian. And because the financial sector generally has larger budgets, stricter data privacy regulations, and more modern security than the healthcare sector, attacks are less likely to succeed.
What Do Victims Stand to Lose?
Healthcare providers that fall victim to data breaches lose much more than the data. In 2024, the global average cost of a healthcare data breach was US$9.77 million, roughly twice the average across all other industries. Regulatory fines, legal compensation, ransom payments, and loss of patient trust can all add to that sum, and often continue to grow. For instance, the 2024 Change Healthcare breach, estimated to have cost $2.5 billion by October 2024, had swelled to $3.1 billion by January 2025.
Key Types of IoMT Threats and Attacks
Attackers exploit open vulnerabilities in IoMT to launch a variety of attacks, such as:
- Ransomware: Attackers encrypt sensitive patient data and hold it for ransom. In double extortion ransomware attacks, threat actors both encrypt and exfiltrate (steal) data to put more pressure on victims.
- Distributed denial of service (DDoS) attacks: Attackers overwhelm IoMT or connected networks with malicious traffic to slow or halt service. In time-critical hospital environments, DDoS can lead to widespread systemic disruption.
- Advanced persistent threats (APTs): Coordinated, long-term attacks can target IoMT devices and their connected networks to stealthily steal data or establish backdoor access to launch ongoing attacks over time.
- Man-in-the-middle (MiTM) attacks: Attackers intercept and manipulate communications between IoMT devices and their networks. They can harvest or alter sensitive data, or even inject malicious commands to exploit medical devices.
- Device takeover: Threat actors could exploit IoMT vulnerabilities to gain control of and tamper with the devices. Researchers have found vulnerabilities in devices such as pacemakers, insulin pumps, and more, with potentially life-threatening consequences.
Building a Multi-Layered IoMT Security Strategy
Zero trust architecture offers a powerful way to secure IoMT against evolving threats. The framework continuously verifies every user, device, and connection before allowing access, reducing vulnerabilities while keeping healthcare systems operational and secure.
A zero trust approach strengthens IoMT security through:
- Device monitoring, ensuring medical devices communicate only with vendor-required sites. Suspicious or unauthorized communications are blocked and a security alert is generated instantly, greatly reducing attackers' ability to use IoMT devices as network entry points.
- Least-privileged access, limiting an entity to only the minimum access required to perform its function. For example, third-party vendors can only interact with the devices they are servicing, preventing unauthorized access to broader systems.
- Context-aware policies, using real-time data such as location and device security posture to dynamically adjust permissions and block high-risk actions.
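The three controls above (vendor-only destinations for device traffic, least-privileged vendor service sessions, and context-aware blocking of high-risk actions) can be expressed as one policy decision per connection. The following is an added example, not code from this page or from Zscaler: a small policy engine with constructed device names, placeholder vendor hostnames, and a hypothetical `Request` record carrying the device's firmware posture and the actor's location. It defaults to deny and raises an alert whenever a device or account steps outside its documented role, which is the behaviour the device-monitoring bullet describes.

```python
"""Hypothetical zero trust policy check for IoMT connections (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class DevicePolicy:
    # Hosts the vendor documents as required for the device to function.
    allowed_destinations: FrozenSet[str]
    # Accounts permitted to open a service session to this device.
    service_accounts: FrozenSet[str]


@dataclass(frozen=True)
class Request:
    device_id: str
    destination: str        # host the device talks to, or the device itself for a service session
    actor: str              # "device" for the device's own traffic, otherwise a user account
    firmware_current: bool  # security posture, fed in from the device inventory
    actor_on_site: bool     # location context for the actor


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    alert: bool = False


# Constructed policies; hostnames and account names are placeholders.
POLICIES: Dict[str, DevicePolicy] = {
    "infusion-pump-07": DevicePolicy(
        allowed_destinations=frozenset({"telemetry.pumpvendor.example", "updates.pumpvendor.example"}),
        service_accounts=frozenset({"vendor-pumpco-tech"}),
    ),
    "ct-scanner-02": DevicePolicy(
        allowed_destinations=frozenset({"pacs.hospital.example", "support.imagingvendor.example"}),
        service_accounts=frozenset({"vendor-imaging-tech"}),
    ),
}


def evaluate(req: Request, policies: Dict[str, DevicePolicy] = POLICIES) -> Decision:
    policy = policies.get(req.device_id)
    if policy is None:
        # Unknown endpoint on the clinical network: deny, and alert because
        # the unknown device is itself a finding worth investigating.
        return Decision(False, "unknown device", alert=True)

    if req.actor == "device":
        # Device monitoring: the device may reach vendor-required hosts only.
        if req.destination in policy.allowed_destinations:
            return Decision(True, "vendor-required destination")
        return Decision(False, f"unexpected destination {req.destination}", alert=True)

    # Least privilege: only the servicing vendor's account may reach this
    # device, and the session may target the device itself, nothing else.
    if req.actor not in policy.service_accounts:
        return Decision(False, f"{req.actor} is not authorized to service {req.device_id}", alert=True)
    if req.destination != req.device_id:
        return Decision(False, "service session must target the serviced device only", alert=True)

    # Context-aware policy: remote servicing of a device with outdated firmware
    # is treated as high risk and blocked until posture improves or the
    # technician is on site. This is a policy choice, not a security incident,
    # so no alert is raised.
    if not req.firmware_current and not req.actor_on_site:
        return Decision(False, "remote service of outdated firmware blocked")
    return Decision(True, "authorized service session")


def run_examples() -> List[Decision]:
    """Constructed requests covering each branch of the policy."""
    requests = [
        Request("infusion-pump-07", "telemetry.pumpvendor.example", "device", True, True),
        Request("infusion-pump-07", "fileshare.internal.example", "device", True, True),
        Request("infusion-pump-07", "infusion-pump-07", "vendor-pumpco-tech", True, False),
        Request("ct-scanner-02", "ct-scanner-02", "vendor-pumpco-tech", True, True),
        Request("infusion-pump-07", "infusion-pump-07", "vendor-pumpco-tech", False, False),
        Request("legacy-monitor-99", "telemetry.pumpvendor.example", "device", True, True),
    ]
    return [evaluate(r) for r in requests]


if __name__ == "__main__":
    for decision in run_examples():
        flag = "ALERT " if decision.alert else ""
        print(f"{flag}{'allow' if decision.allow else 'deny'}: {decision.reason}")
```

The alert flag is separate from the allow/deny outcome on purpose: a device contacting an undocumented host is evidence of compromise or misconfiguration and should reach the SOC, whereas a posture-based block is expected policy behaviour that only needs to be logged.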
Innovations in AI and machine learning can make zero trust even more effective. AI/ML tools analyze normal traffic behaviors to detect anomalies and automate responses, continuously improving security policies. They can also enforce segmentation to ensure IoMT devices operate only in specific subdomains, limiting the potential for lateral movement.
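The anomaly-detection idea in the paragraph above, learning what normal traffic looks like per device and flagging departures, reduces to a baseline plus a scoring rule. This is an added example, not code from this page or from any product: it parses constructed flow records (timestamp, device, destination, bytes), builds a per-device baseline of known destinations and typical transfer size, and raises a finding for a never-before-seen destination or a transfer whose size lies outside the normal range. Production AI/ML tooling learns far richer features, but the mechanics of baseline-then-score are the same.

```python
"""Per-device traffic baseline with simple anomaly scoring (added example)."""
import statistics
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    ts: str
    device: str
    dest: str
    nbytes: int


@dataclass
class Baseline:
    dests: Set[str]   # destinations seen during the learning window
    mean: float       # typical transfer size
    stdev: float      # spread of transfer sizes


# Constructed learning window; hostnames are placeholders, not real endpoints.
BASELINE_LOG = """\
2025-01-06T08:00 infusion-pump-07 telemetry.pumpvendor.example 1100
2025-01-06T09:00 infusion-pump-07 telemetry.pumpvendor.example 1200
2025-01-06T10:00 infusion-pump-07 telemetry.pumpvendor.example 1300
2025-01-06T11:00 infusion-pump-07 updates.pumpvendor.example 1150
2025-01-06T12:00 infusion-pump-07 telemetry.pumpvendor.example 1250
2025-01-06T13:00 infusion-pump-07 telemetry.pumpvendor.example 1200
2025-01-06T08:30 ct-scanner-02 pacs.hospital.example 52000000
2025-01-06T09:30 ct-scanner-02 pacs.hospital.example 48000000
2025-01-06T10:30 ct-scanner-02 pacs.hospital.example 50000000
"""

# Constructed detection window with two departures planted for the pump:
# a new internal destination and a transfer far larger than its baseline.
NEW_LOG = """\
2025-01-13T08:00 infusion-pump-07 telemetry.pumpvendor.example 1250
2025-01-13T08:05 infusion-pump-07 10.0.5.20 900
2025-01-13T08:10 infusion-pump-07 telemetry.pumpvendor.example 48000
2025-01-13T08:30 ct-scanner-02 pacs.hospital.example 51000000
"""


def parse_log(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, dest, nbytes = line.split()
        flows.append(Flow(ts, device, dest, int(nbytes)))
    return flows


def build_baseline(flows: List[Flow]) -> Dict[str, Baseline]:
    by_device: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        by_device[f.device].append(f)
    baselines = {}
    for device, recs in by_device.items():
        sizes = [r.nbytes for r in recs]
        baselines[device] = Baseline(
            dests={r.dest for r in recs},
            mean=statistics.fmean(sizes),
            stdev=statistics.pstdev(sizes),
        )
    return baselines


def score(flows: List[Flow], baselines: Dict[str, Baseline],
          z_threshold: float = 3.0) -> List[Tuple[Flow, str]]:
    findings = []
    for f in flows:
        b = baselines.get(f.device)
        if b is None:
            findings.append((f, "no baseline for device"))
            continue
        if f.dest not in b.dests:
            # A destination never seen in the learning window is the
            # strongest single signal of a device being repurposed.
            findings.append((f, f"new destination {f.dest}"))
            continue
        if b.stdev == 0:
            # Constant-size baseline: any different size is a departure.
            z = 0.0 if f.nbytes == b.mean else float("inf")
        else:
            z = (f.nbytes - b.mean) / b.stdev
        if abs(z) > z_threshold:
            findings.append((f, f"transfer size z={z:.1f} outside normal range"))
    return findings


def detect() -> List[Tuple[Flow, str]]:
    baselines = build_baseline(parse_log(BASELINE_LOG))
    return score(parse_log(NEW_LOG), baselines)


if __name__ == "__main__":
    for flow, reason in detect():
        print(f"ALERT {flow.ts} {flow.device} -> {flow.dest}: {reason}")
```

Keeping one baseline per device matters: the CT scanner moves tens of megabytes per study, so a pooled baseline would hide the pump's 48 kB transfer entirely, while a per-device baseline scores it hundreds of standard deviations from normal.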
Together, zero trust and AI deliver an adaptive solution to make IoMT environments more secure and resilient.
How Zscaler Can Help
Zscaler helps healthcare organizations protect their systems, devices, and data with the Zscaler Zero Trust Exchange™ platform. By keeping users off the healthcare network and enforcing granular device segmentation, the platform enables healthcare providers to:
- Stop ransomware attacks: Ensure devices and applications are never exposed to the internet, effectively making them invisible to attackers.
- Improve telemedicine and IoMT security: Secure the use of IoMT devices for in-person care, monitoring, and telemedicine, protecting sensitive patient data over any connection.
- Support compliance: Simplify compliance with regulations like HIPAA, HITECH, and more by encrypting all data and inspecting traffic for threats or data loss.
- Prioritize patient care: Eliminate outdated security tools so your team can focus on delivering improved patient outcomes instead of worrying about cyber risks.
FAQ
The internet of medical things (IoMT) is made up of connected devices designed for healthcare, like monitors and imaging tools. Unlike regular internet of things (IoT) devices, IoMT focuses on patient care and requires stricter security to protect sensitive health data and meet legal rules.
IoMT devices include wearables like fitness trackers and glucose monitors, smart imaging systems like MRIs, heart monitors in ICUs, connected surgical tools, and life-support devices like infusion pumps and ventilators. These tools enable faster care, remote health monitoring, and more accurate treatment.
Microsegmentation separates IoMT devices into smaller network parts so they only connect to approved systems. This approach blocks hackers from breaking into other parts of the network if one device is attacked, helping keep patient data and hospital systems safe.
IoMT security protects patient data by encrypting it, limiting access to approved users, and watching for threats. This helps meet HIPAA rules, which require hospitals to guard Protected Health Information (PHI) and ensure patient data stays safe, private, and accurate.