In today’s healthcare environment, the growing reliance on connected medical devices is transforming patient care — but it’s also creating serious cybersecurity challenges. A recent report by Asimily sheds light on the critical vulnerabilities healthcare delivery organizations (HDOs) face in securing their Internet of Medical Things (IoMT) infrastructure.
These devices, which are central to diagnostics, treatment, and monitoring, must operate continuously and without error. Unfortunately, that very dependence makes them a prime target for cyberattacks. Even brief disruptions can have severe consequences for patient safety and clinical operations.
Stephen Grimes, a healthcare technology consultant, emphasized the urgency of the issue. He advocates for strategic risk mitigation and comprehensive cybersecurity planning, noting that HDOs need to move swiftly to implement scalable defense systems tailored to their expanding networks of connected devices.
The report paints a stark picture: with constrained budgets and a proliferation of networked equipment, IT teams are often overwhelmed. But it also makes a compelling case that proactive investment in cybersecurity pays off, both by reducing long-term costs and by protecting critical systems.
Key takeaways from the report include:
- Mounting cyber threats: Hospitals are facing an average of 43 cyber incidents annually, many of which succeed. Ransomware, unapproved communications between devices, and vulnerabilities in third-party software are the top concerns. Alarmingly, 44% of HDOs experienced a breach linked to external vendors over the past year.
- Life-threatening consequences: Beyond financial losses — which average over $10 million per breach — cyberattacks have tangible effects on patient health. Data shows a 20% rise in patient mortality linked to these incidents. Operationally, many hospitals report treatment delays and longer hospital stays following an attack, putting further strain on already tight margins.
- Device vulnerability: On average, each medical device contains over six vulnerabilities. Compounding the risk, a large share of this equipment is aging, with more than 40% nearing end-of-life and lacking manufacturer support.
- Resource limitations: Even when vulnerabilities are identified, many HDOs can only resolve a small percentage each month due to staffing and budget constraints, allowing risks to persist longer than they should.
- Diminishing value of cyber insurance: Once considered a fallback, cyber insurance is now offering limited protection. Payout caps and exclusions have increased, while the reputational damage from breaches remains unaddressed.
Kevin Torres, Vice President of IT and Chief Information Security Officer at MemorialCare, noted the importance of visibility and standardization in security practices. By adopting Asimily’s tools, his organization achieved near-complete compliance with national standards and significantly improved its oversight of device-related risks.
As the report makes clear, healthcare providers can no longer afford to view cybersecurity as a secondary issue. Connected systems are now integral to care delivery. Protecting them means safeguarding not just data, but the wellbeing of every patient who relies on modern medical technology.