What security threats are targeting IoMT devices (and how to prevent being hacked)

More health care organizations are leveraging the Internet of Medical Things (IoMT) to treat patients efficiently and accurately. Over the past few years, IoMT has seen significant growth. In fact, Frost & Sullivan estimates that there were 4.5 billion IoMT devices in 2015, a number that they expect to increase to between 20 and 30 billion by 2020.


Unfortunately, the rise of IoMT devices results in a rise in vulnerabilities and opportunities for these IoMT devices to get hacked. When these smart devices aren’t secured, it can put patients at risk and damage a health care organization’s entire infrastructure.



Wearable Devices: This includes ECG monitoring patches, BioPatch to track a patient’s condition minute-by-minute, insulin pumps, blood monitors, and wearables that doctors and nurses use to monitor patient vitals and conditions. Wearables have become a “must have” in the health care industry; they are becoming more common, and usage is expected to increase.


Implantable Devices: These include pacemakers, camera capsules, and cardioverter defibrillators.


Ambient Devices: Sensors that improve a patient’s room condition, including motion sensors, door sensors, room temperatures, vibration sensors, and pressure sensors.


Stationary Devices: Home monitoring devices, connected imaging devices, and surgical devices.



IoMT Attack Types

How are these devices getting hacked? Today, hackers are getting creative with their tactics, finding new ways to hack into these devices and cause a security breach. Here are the threat vectors that need to be considered when developing an IoMT defense strategy:

Side channel: A side-channel attack takes advantage of information leakage and has proven to be powerful and effective. In the health care space, attackers could use side-channel techniques to steal patient data by monitoring electromagnetic activity around specific medical devices.

Tag cloning: This is when an attacker duplicates data gathered from a successful side-channel attack and uses it to access unauthorized data, such as patients’ confidential information. Attackers can easily clone RFIDs.

Tampering devices: An attacker can physically tamper with sensors to partially or entirely stop or manipulate their functionality by exploiting firmware vulnerabilities to install malware that then allows them to take control of the device.

Sensor tracking: In patient monitoring devices that have GPS sensors, fall detection, or wheelchair management, the sensors will send the patient location to the doctor or monitoring facility in case of an emergency. Attackers can hack into these devices and access the patients’ location or their sensitive data, or even send inaccurate data.

Eavesdropping: When locating a smart device, a hacker can intercept wireless data transmitted by hardware devices. For example, a patient’s vitals can get intercepted during transmission, where that data can then be misused.

Replay: An attacker may reuse an authenticating message that was previously exchanged between legitimate users. For instance, the insulin pump OneTouch Ping was determined to be vulnerable to this type of attack in late 2016 because it lacked secure communication mechanisms.

Man-in-the-middle: An attacker can intrude on data and secretly replay and alter the parties’ communications. Since IoMT sensing devices often send and receive data (i.e., patient’s readings), altered data could lead to mistreatment such as medicine overdosage, or false results.

Rogue access: In this attack, an attacker installs a forged gateway within the wireless network range that allows a user access. In turn, the attacker intercepts that traffic without being seen.

Denial of service (DoS): This attack floods the smart devices with service requests, disrupting their availability. Attackers can also pull hacked IoMT devices into botnets, using the infected devices without the owner’s knowledge.

Cross-site request forgery (CSRF): This attack tricks the end user into acting on a vulnerable application without the user’s knowledge. The web interface of the IoMT device layer becomes vulnerable to CSRF attacks if not configured properly.

Session hijacking: For smart devices that handle session connection at the web interface level, the interfaces become vulnerable to session hijacking. This allows an attacker to take over the session data and control it.

Cross-site scripting (XSS): This exploits IoMT applications by injecting specially crafted scripts to bypass access controls through web pages. The web interfaces of IoT devices connected to the cloud are vulnerable to these attacks.

SQL injection: An SQL injection attack is where an attacker executes malicious SQL statements to bypass the device’s security measures, which can compromise sensitive patient data or modify critical data.

Account hijacking: An attacker can perform account hijacking by intercepting the communication performed between IoMT components while an end user is being authenticated. The rise of these attacks is a result of devices that have unpatched vulnerabilities.

Ransomware: During a ransomware attack, hackers encrypt sensitive data like patient records and hold it in exchange for money. This threat can start with just one machine, then spread throughout the entire network. This attack could also be successful simply by denying access to production IoMT devices, threatening patient safety until ransom is paid.

Brute force: This is the easiest way attackers can gain access to a server and IoMT devices since little protection is in place to thwart such attacks in IoT devices.
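The Replay and Man-in-the-middle entries above both come down to a device accepting a message it cannot prove is authentic and fresh. The sketch below is an added example, not code from this article or from any device vendor: it assumes a pre-shared per-device key and a constructed frame layout (8-byte counter, payload, HMAC-SHA256 tag), and the names `CommandVerifier`, `build_frame` and the `BOLUS` payload are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size
CTR_LEN = 8   # big-endian 64-bit message counter


def build_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || HMAC(key, counter || payload)."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class CommandVerifier:
    """Device side: accept a frame only if its tag is valid and its counter is new."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0  # highest counter accepted so far

    def verify(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < CTR_LEN + TAG_LEN:
            return None  # too short to carry a counter and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit, or sender lacks the key
        (counter,) = struct.unpack(">Q", body[:CTR_LEN])
        if counter <= self._last_counter:
            return None  # a previously seen (replayed) or stale frame
        self._last_counter = counter  # only advanced by authentic frames
        return body[CTR_LEN:]


def demo():
    key = bytes(range(32))  # constructed demo key, not a real secret
    device = CommandVerifier(key)
    frame = build_frame(key, 1, b"BOLUS units=2")  # constructed sample command
    first = device.verify(frame)     # accepted
    replayed = device.verify(frame)  # same bytes again: rejected
    # Payload changed after the tag was computed, as an on-path attacker would.
    altered = build_frame(key, 2, b"BOLUS units=2").replace(b"units=2", b"units=9")
    tampered = device.verify(altered)  # rejected, counter not advanced
    next_ok = device.verify(build_frame(key, 2, b"BOLUS units=1"))
    return first, replayed, tampered, next_ok
```

On a real device the last accepted counter has to survive a reboot, otherwise old frames become valid again after a power cycle.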


Defending against attacks

As you can see, there are a variety of ways attackers can find their way into your medical devices and negatively impact clinical operations, which is why ensuring that these devices are secure from today’s threats is crucial for every health care provider. Here’s how you can get started today to defend against these attacks.

  • Security experts available 24x7x365: IoMT devices and hackers both work around the clock, and hackers are consistently finding new ways to steal information. Having trained security experts monitor your network 24x7x365 not only allows your in-house security team to focus on other IT projects, but also means they can alert you when threats do enter your network and remediate the threat.


  • SIEM: A security information and event management solution can give a health care provider greater visibility into its network, helping it understand its network infrastructure and the different IoMT devices connected to it, which makes it easier to detect threats before devices can be compromised.


  • Patch Management: Not all IoMT devices can be patched for a variety of reasons. For those that can, patching your IoMT devices can eliminate the system’s vulnerabilities. When you implement a patch management process, make sure to note the vulnerable devices that can’t be patched, and make sure the remaining IoMT devices are properly patched to ensure prevention of the most recent threats.



For health care providers, this is an immense undertaking. The reality is, IoMT devices are growing fast, and so are cyber threats. If you aren’t taking the proper steps to secure your IoMT devices, one of these threats will find its way into your facility and the result won’t be good.

If you’re not sure where to begin, we can help you. Contact us today for a free consultation and we can help you make sure that your healthcare organization is secure from today’s cyber threats!

