Importance of IoMT Security: What to Consider in Development

IoMT security

IoMT market: brief overview

The number of connected Internet of Medical Things devices in 2015 was around 4.5 billion, which accounts for nearly one-third of the total number of IoT devices all over the world. In just 5 years, in 2020, the number of IoMT devices hit 20-30 billion, boosted in part by the new conditions and demands of the COVID-19 pandemic. It is expected that within a decade this figure will reach 50 billion and we should admit that it is quite impressive growth. The range of such devices is very wide today: from simple wearables that can track heart rate, temperature, or blood pressure to advanced robots that can help doctors during surgeries.

The value of the global IoMT market in 2022 was $61.56 billion. It is expected that by 2032 that figure will reach $516.40 billion, with a CAGR of 23.7%. According to estimates, in 2020 there were about 50,000 medical technologies available, and this figure is constantly growing.

IoMT market: brief overview

The tendency to implement these technologies into the work of healthcare institutions is gaining momentum. We analyzed IoMT market development and the prospects of these technologies and their role in the healthcare industry in a previously published blog post, so if you want to learn more, please follow the link to read our IoMT market overview.

IoMT cyber security issues

Hackers are actively exploring the industry, viewing IoMT data as “easy prey.” Medical records kept by healthcare organizations can bring in a fortune when sold. 

In a 2023 study, it was revealed that these days we can observe a fall in the number of ransomware attacks in healthcare as their rate has decreased from 66% to 60% compared with the previous year. But it is too early to speak about positive changes in this field because this rate is still almost two times higher than the rate of 34% that was reported in 2021.

Among the most popular factors that led to cybersecurity attacks, it’s worth mentioning malicious emails or phishing (36$), compromised credentials (32%), and exploited vulnerabilities (29%). 

Today it’s not only large public hospitals with wide networks of connected devices that may be attacked by cybercriminals; even small private clinics that have their own IoMT infrastructure are at risk.

But why is this sector an “attack-friendly” zone?

  • IoMT devices are connected to numerous apps and systems, which creates a lot of possibilities for hackers to get access to the data.
  • They store highly vulnerable and valuable information that looks like an attractive target for cybercriminals. And the majority of hospitals opt to pay to get their data received from IoT devices back, as the lives of their patients greatly depend on their medical records.
  • IoMT devices rely on open wireless communications and, as a  result, are prone to a variety of wireless/network attacks.
  • Usually, such devices provide the possibility of unauthorized access without being detected.
  • IoMT devices used by healthcare organizations can be hijacked easily and criminals can start manipulating the process of treatment.

Why is it so crucial to focus on IoMT security?

To better understand the need to improve cybersecurity on the Internet of Medical Things, it’s useful to look at some real examples of IoMT threats detected at healthcare organizations.

In 2016, a serious Internet of Medical Things security vulnerability was detected in an infant heart monitor sensor used in the UK. IoMT cybersecurity research discovered that, while the data transfer between base servers and smartphones of parents was secure, the process of interaction between the base server and the sensor was not encrypted at all. 

To get access to data received from connected medical devices, it was enough just to log in. In other words, practically anyone, even without special skills and knowledge, could easily track the medical data and alert systems. That case was considered to be the worst IoT security risk of 2016.

Types of IoMT attacks

Nowadays, hackers are quite creative in undertaking tactics that help them get access to IoMT devices and steal vulnerable data and healthcare providers should bear this fact in mind. Below are some of the many methods that put IoMT security under threat.

Types of IoMT attacks
  • Ransomware:  In a ransomware attack, fraudsters can encrypt important data gathered by various medical devices, including medical records, and hold this information hostage in exchange for money. 
  • Side-channel: Side-channel attacks involve stealing medical data via tracking electromagnetic activity around particular IoMT devices like patient monitors, patient care wearables, and others.
  • Tag cloning: Hackers can duplicate data gathered by connected medical devices in a side-channel attack to get access to confidential information of patients. Hackers can clone RFIDs.
  • Sensor tracking: Many IoMT devices have GPS sensors; for example, devices for wheelchair management, patient monitoring (including those that can measure vitals like blood pressure or heart rate), or fall detection. These sensors can send location data to doctors. Hackers can attack these devices, steal sensitive data and even replace real info with inaccurate data.
  • Account hijacking: A malefactor can hijack an account by interrupting the communication established between IoMT devices amid the process of end-user authentication. 
  • Brute force: This tactic is probably the easiest one, and it is based on the fact that many IoMT devices are insufficiently protected, which makes it possible for attackers to gain access to a server.

Reasons for IoMT vulnerabilities

Numerous weaknesses can affect the security in Internet of Medical Things devices and negatively affect the healthcare industry. These security challenges include the following.


Reasons for IoMT vulnerabilities

  • Lack of standardization A great number of different devices and applications are provided by numerous vendors. Many of these apps, devices and sensors for medical equipment do not correspond to the same standards.
  • Multiple service/product providers. In speaking about the IoT industry, it’s crucial to bear in mind that security issues may appear not only in software but also in hardware. That means there is an increased number of possible weak points, due in part to the spread of responsibility, which may have a negative effect on the quality of the products.
  • Insufficient testing. Devices and apps used for remote patient monitoring and other purposes often are tested fully separately, which may lead to serious gaps in security when they start their interaction.
  • Poor skills on the part of medical staffPeople who work directly with IoMT devices probably don’t know all the peculiarities of their functioning, capacities, and settings. They just know that this or that device can continuously measure a patient’s blood pressure or sugar levels. But it is possible for healthcare specialists to fail to notice untypical behaviors of devices so that serious threats go undetected.
  • Lack of needed solutions. There aren’t a lot of security solutions for IoMT devices that involve the connectivity of a device with a patient. Most solutions of this type are targeted at enterprise IoT use cases. But the IoMT requires more complicated specific tools for ensuring protection from cybercriminals.
  • Lack of solid regulation. Today there are no strict guidelines related to the protection of IoMT devices from cyber attacks. For example, in the US, the Food and Drug Administration (FDA) is responsible for protecting public health by controlling the safety of numerous products, including medical devices. When it comes to IoMT devices, the agency analyzes the benefits and risks to patients of using them; if it finds that the benefits outweigh the risks, the device becomes legally approved. The FDA focuses on the direct impact of the device on patients’ health, not on the technical side of the issue.

Want to know how to protect your IoMT solution?

With our solid expertise in this sphere, we can help you to deal with any type of vulnerability and guarantee the highest level of data security.

Book a free consultation

How to increase IoMT device security

Unfortunately, the risk of cyberattacks in the IoMT space is high. The factors that put IoMT solutions under threat (connectivity to open networks, shared responsibility between separate vendors, etc.) can’t be fully eliminated. But at least their influence on security can be mitigated. 

This problem could be solved by implementing certain regulations. Some countries, including the US, are working on developing the right standards for vendors and healthcare providers, but it is too early to say that the industry is well-regulated

It is challenging and time-consuming to develop and successfully apply new regulations. And it will take time to make sure everything works as it is supposed to. But standardization will be the most efficient measure to boost IoMT security.

Secondly, IoT software development companies, as well as manufacturers of IoMT devices, should undertake the necessary steps on their own, while developing and testing their products.

Our team has prepared a list of IoMT security best practices that will help you ensure device security at any healthcare organization.

  • Use strong passwords. Though a medical device that you are going to use may already have a default password, we highly recommend you set a new one while adding it to your network. This password should be complicated enough and unique for your device.
  • Introduce MFA. Multi-factor authentication will help to reduce credential theft risks. Even if a hacker knows a password, to log in it will be required to provide some extra data (it can be a PIN code sent to a smartphone, face ID, fingerprint, etc.)
  • Monitor network traffic. By monitoring network traffic, you can detect any cases when your connected medical device receives or sends more data than they are supposed to. When the issue is timely detected, it can be properly addressed.
  • Apply network segmentation. It is recommended to logically or physically separate networks that include sensitive data from those that do not contain such information. As a result, hackers won’t be able to move between the networks even when they manage to access one of them.

Our experience in IoMT development

At Cogniteq, we fully realize the existing security challenges and their importance for software for both healthcare institutions and patients, and we are ready to take responsibility for our solutions powered by IoT devices.

We have strong expertise in providing healthcare development services and have a rich portfolio of successfully launched IoMT projects. 

One of the solutions that we are proud of is an online web app with live video chat features - Prism Therapy Online. It is a platform that allows users to connect with therapists (that are chosen in accordance with patients’ requests) and get consultations online in one of two formats: via live chats or video calls.

telemedicine

And another project that we want to share with you is Patient Diary. It is a mobile application intended for detailed medical and patient care documentation of the treatment process. This app is available for patients and doctors who can add vital health indicators, test results, and medications taken. Using this solution doctors can see the entire picture of a patient's condition and choose the right treatment.

telehealth

Our developers deeply understand the ongoing demands of the industry and the expectations of the end-users. As a result, we create solutions that have a great impact on the evolution of the IoMT market and are able to change the approaches to delivering healthcare services.

We always carefully test our apps to make them not only fully bug-free but also protected from external attacks. When working on the development of IoT applications, we pay special attention to the correctness of their connection with external devices. Even if it is impossible to get access to the devices themselves, our developers create special software for emulating the necessary environment and the interaction.

Sometimes, during testing, we learn that the technical characteristics of the IoT device do not allow the app to perform correctly, which also may lead to serious security vulnerabilities. In such cases, we always share the results of our testing with the client, in order to solve the issues before the IoMT solution is actually implemented.

We’ve described our approach to testing IoT software in one of our previously published blog posts.

Latest trends and technologies in IoMT security

Given the continuously evolving methods used by hackers to attack connected devices, security teams should regularly update their systems and strategies to ensure the required protection. Below you can find a couple of the latest trends that are gaining popularity in the IoMT security these days.

  • Blockchain. Thanks to a distributed architecture, near-immutability, and provided transparency, this technology enables secure storage of the most sensitive data. All the above-mentioned characteristics of blockchain make it a preferred choice to ensure IoMT data integrity.
  • Artificial intelligence. AI can be used by security teams to increase the accuracy of vulnerability detection. AI-powered tools can continuously track the performance of IoMT systems and connected devices to identify any anomalies in their behavior that can be indicators of external attacks.

Instead of a final word

IoT in general and IoMT, in particular, are among the domains where our specialists have the richest expertise. Our portfolio already includes a collection of successfully launched solutions that stand out from the crowd, not only for their functionality but also for a high level of security.

We will be happy to provide our IoT development services and to help you in building IoMT solutions of any complexity and scale.

Leave your message on our website and we will contact you as soon as our seasoned experts analyze your inquiry.

FAQ

What is IoMT security?

IoMT security can be explained as a data protection and cybersecurity strategy that helps to reduce the probability of external attacks on IoMT devices. Connected devices used in the healthcare industry interact with a lot of sensitive medical data which often attracts hackers and other fraudsters. That's why it is crucial to pay special attention to device security.

How does cybersecurity relate to the internet of medical things?

In the case of medical devices, data breaches can lead to a situation when personal information is simply stolen by fraudsters in exchange for money. But there can be even more serious consequences, such as disrupting necessary treatment, leading to unnecessary deaths of patients.

It’s obvious that these breaches can’t be allowed to put patients’ health and lives at stake.

Which cybersecurity solution would help with IoMT?

The main point that we’d like to highlight is that when we are talking about IoMT security solutions, each case should be analyzed individually. When you have IoMT software and what to increase its security or you are working on your custom product, developers will provide security tools based on the peculiarities, functionality, and tech stack of your software. There is no one-fits-all solution when you want to enhance cybersecurity on the internet of medical things apps.