
IoMT security: Why is it important?

October 8, 2021

IoMT market: brief overview

The number of connected Internet of Medical Things devices in 2015 was around 4.5 billion, which accounts for nearly one-third of the total number of IoT devices all over the world. In just 5 years, in 2020, the number of IoMT devices hit 20-30 billion, boosted in part by the new conditions and demands of the COVID-19 pandemic.

The value of the global IoMT market in 2019 was $24.4 billion. It is expected that by 2029 that figure will reach $285.5 billion. According to recent estimates, in 2020 there were about 50,000 medical technologies available, and this figure is constantly growing.


The tendency to implement these technologies into the work of healthcare institutions is gaining momentum. We analyzed IoMT market development and the prospects of the industry in a previously published blog post, so if you want to learn more, please follow the link to read our IoMT market overview.

IoMT security issues

Hackers are actively exploring the industry, viewing IoMT data as “easy prey.” Medical records can bring in a fortune when sold. In 2020, 34% of healthcare institutions around the world reported that they had become victims of cybercriminals. These figures are quite worrying, as 67% of cybercriminals successfully managed to encrypt data.

More than 600 medical organizations and over 18 million patient records were affected by cyberattacks in 2020 alone. It’s worth mentioning that today it’s not only large public hospitals with wide networks of connected devices that may be attacked by cybercriminals; even small private clinics are at risk.

But why is this sector an “attack-friendly” zone?

  • IoMT devices are connected with numerous apps and systems, which creates a lot of possibilities for hackers to get access to the data.
  • They store highly sensitive and valuable information that looks like an attractive target for cybercriminals. And the majority of hospitals opt to pay to get their data back, as the lives of their patients greatly depend on their medical records.
  • IoMT devices rely on open wireless communications and, as a result, are prone to a variety of wireless/network attacks.
  • Usually, such devices can be accessed without authorization and without the access being detected.
  • IoMT devices can be hijacked easily and criminals can start manipulating the process of treatment.

Why is it so crucial to focus on IoMT cybersecurity?

In the case of medical devices, data breaches can lead to a situation in which personal information is simply stolen by fraudsters for money. But there can be even more serious consequences, such as disrupting necessary treatment, leading to unnecessary deaths of patients.

It’s obvious that these breaches can’t be allowed to put patients’ health and lives at stake.

To better understand the need to improve the security of medical devices, it’s useful to look at some real examples of IoMT threats. 

In 2016, a serious IoMT security vulnerability was detected in an infant heart monitor sensor used in the UK. IoMT cybersecurity research discovered that, while the data transfer between base servers and smartphones of parents was secure, the process of interaction between the base server and the sensor was not encrypted at all. 

To get access to data, it was enough just to log in. In other words, practically anyone, even without special skills and knowledge, could easily track the medical data and alert systems. That case was considered to be the worst IoT security risk of 2016.

Types of IoMT attacks

Nowadays, hackers are quite creative in devising tactics that help them get access to IoMT devices and steal sensitive data. Below are some of the many methods that put IoMT security under threat.

  • Ransomware: In a ransomware attack, fraudsters can encrypt important data, including medical records, and hold this information hostage in exchange for money.
  • Side channel: Side-channel attacks involve stealing medical data by tracking electromagnetic activity around particular IoMT devices.
  • Tag cloning: Hackers can duplicate data gathered in a side-channel attack to get access to confidential information of patients. Hackers can clone RFID tags.
  • Sensor tracking: Many IoMT devices have GPS sensors; for example, devices for wheelchair management, patient monitoring, or fall detection. These sensors can send location data to doctors. Hackers can attack these devices, steal sensitive data and even replace real info with inaccurate data.
  • Account hijacking: A malefactor can hijack an account by interrupting the communication established between IoMT devices amid the process of end-user authentication. 
  • Brute force: This tactic is probably the easiest one, and it is based on the fact that many IoMT devices are insufficiently protected, which makes it possible for attackers to gain access to a server.

Reasons for IoMT vulnerabilities

Numerous weaknesses can affect the security of IoMT devices. These include the following.


  • Lack of standardization. A great number of different devices and applications are provided by numerous vendors. Many of these apps and devices do not conform to the same standards.
  • Multiple service/product providers. In speaking about the IoT industry, it’s crucial to bear in mind that security issues may appear not only in software but also in hardware. That means there is an increased number of possible weak points, due in part to the spread of responsibility, which may have a negative effect on the quality of the products.
  • Insufficient testing. Devices and apps are often tested entirely separately, which may lead to serious gaps in security when they start to interact.
  • Poor skills on the part of medical staff. People who work directly with IoMT devices probably don’t know all the peculiarities of their functioning, capacities and settings. It is possible for healthcare specialists to fail to notice atypical behavior of devices, so that serious threats go undetected.
  • Lack of needed solutions. There aren’t a lot of security solutions for IoMT devices that involve the connectivity of a device with a patient. Most solutions of this type are targeted at enterprise IoT use cases. But the IoMT requires more complicated specific tools for ensuring protection from cybercriminals.
  • Lack of solid regulation. Today there are no strict guidelines related to the protection of IoMT devices from cyber attacks. For example, in the US, the Food and Drug Administration (FDA) is responsible for protecting public health via controlling the safety of numerous products, including medical devices. When it comes to IoMT devices, the agency analyzes the benefits and risks to patients of using them; if it finds that the benefits outweigh the risks, the device becomes legally approved. The FDA focuses on the direct impact of the device on patients’ health, not on the technical side of the issue.

How to increase IoMT security

Unfortunately, the risk of cyberattacks in the IoMT space is high. The factors that put IoMT solutions under threat (connectivity to open networks, shared responsibility between separate vendors, etc.) can’t be fully eliminated. But at least their influence on security can be mitigated. 

This problem could be solved by implementing certain regulations. Some countries, including the US, are working on developing the right standards, but it is too early to say that the industry is well-regulated.

It is challenging and time-consuming to develop and successfully apply new regulations. And it will take time to make sure everything works as it is supposed to. But standardization will be the most efficient measure to boost IoMT security.

Secondly, IoT software development companies, as well as manufacturers of IoMT devices, should take the necessary steps on their own while developing and testing their products.

At Cogniteq, we fully realize the importance of security for IoMT software for both healthcare institutions and patients, and we are ready to take responsibility for our solutions.

We always carefully test our apps to make them not only fully bug-free but also protected from external attacks. When working on development of IoT applications, we pay special attention to the correctness of their connection with external devices. Even if it is impossible to get access to the devices themselves, our developers create special software for emulating the necessary environment and the interaction.

Sometimes, during testing, we learn that the technical characteristics of the IoT device do not allow the app to perform correctly, which also may lead to serious security vulnerabilities. In such cases, we always share the results of our testing with the client, in order to solve the issues before the IoMT solution is actually implemented.

We’ve described our approach to testing IoT software in one of our previously published blog posts.

IoT in general and IoMT in particular are among the domains where our specialists have the richest expertise. Our portfolio already includes a collection of successfully launched solutions that stand out from the crowd, not only for their functionality but also for a high level of security.

We will be happy to help you in building IoMT solutions of any complexity and scale. Leave your message on our website and we will contact you as soon as our seasoned experts analyze your inquiry.