Securing healthcare, medical, and Internet of Medical Things (IoMT) devices

The medical and healthcare industry exists to improve patient outcomes, providing world-class care to those in need. The proliferation of IoMT devices across hospital systems follows suit, improving care outcomes and operational efficiency through the adherence to four primary business drivers, including:

1. Enhance patient outcomes through real-time monitoring and data analytics
   Connected medical devices enable continuous patient monitoring, providing healthcare professionals with real-time data streams that support proactive interventions. Remote patient monitoring systems, for example, allow clinicians to track patient conditions outside traditional clinical settings, enabling early detection of deteriorating signs and preventing costly emergency interventions. Advanced analytics platforms process vast amounts of device-generated data to identify patterns and predict potential health complications, supporting evidence-based treatment decisions and personalized care plans.
2. Improve patient experience via remote care and reduce hospital visits 
   IoMT devices greatly expands healthcare access, facilitating remote care delivery and allowing patients to receive quality healthcare services without frequent hospital visits. For example, home-based monitoring systems enable patients to manage chronic conditions while maintaining independence and improving their quality of life. Telemedicine platforms integrated with connected devices provide comprehensive remote consultations, reducing travel burdens and wait times. Mobile health applications connected to wearable devices allow patients to actively participate in their care management, improving adherence to treatment protocols and medication regimens.
3. Reduce costs and improve operational efficiency through automated processes
   Connected medical devices streamline clinical workflows and administrative processes, reducing manual tasks and minimizing human error. Inventory management systems, for instance, track medical supplies and equipment usage in real-time, optimizing resource allocation and reducing waste. Predictive maintenance capabilities for medical equipment prevent unexpected failures and reduce costly downtime, ensuring continuous availability of critical care resources.
4. Elevate safety and security standards for patient protection
   Medical IoT devices incorporate advanced safety features that enhance patient protection and clinical outcomes. Automated alert systems notify healthcare providers of critical changes in patient conditions, enabling rapid response to emergencies. Integrated safety protocols prevent medication errors and ensure proper device operation. Real-time monitoring capabilities allow for immediate detection of device malfunctions or anomalies, protecting patients from potential harm.

While IoMT technology clearly supplements the main business drivers of medicine and healthcare, it also creates an expanded attack surface that cybercriminals are increasingly targeting. The same connectivity that enables real-time monitoring and remote care also introduces vulnerabilities that can compromise patient safety and organizational operations. As healthcare organizations rush to deploy connected devices to capture these operational and clinical benefits, many are discovering that traditional security and update practices are insufficient to protect their expanding IoMT infrastructure.

The healthcare industry receives 100% to 200% more cyberattacks annually than any other industry, primarily due to the immense value of protected health information (PHI) and the critical nature of healthcare operations. The supply of sensitive patient data, combined with the safety-critical nature of medical devices, creates an attractive target for cybercriminals seeking financial gain or operational disruption.

Recent incidents highlight the escalating threat landscape facing healthcare organizations. The January 2025 Frederick Health ransomware breach resulted in the theft of 934,000 patient files, including NHS numbers and clinical notes—a violation disclosed months later in April 2025. Just days later, the FDA issued a safety alert for Contec CMS8000 and Epsimed MN-120 monitors, identifying vulnerabilities that could allow unauthorized remote access and data leakage. These incidents represent only the visible portion of a significantly larger security challenge affecting healthcare infrastructure worldwide.

The inherent vulnerabilities in healthcare environments compound the cybersecurity challenges. Healthcare systems are notoriously expensive, built for maximum uptime and longevity. Legacy systems often lack modern security features, yet, cannot be easily replaced due to regulatory requirements and operational constraints. For example, an Electronic Health Record (EHR) system created and installed decades ago would lack modern security measures and best practices; however, changing to a new EHR costs millions of dollars and can result in system-wide outages and loss of sensitive patient data. The risks of modernizing systems oftentimes are equal, if not greater, than the risks of remaining on a legacy system. Furthermore, network complexity in healthcare facilities creates numerous attack vectors, with medical devices, administrative systems, and patient networks interconnected in ways that can amplify the impact of security breaches. 

Traditional update methods prove inadequate for addressing the security challenges in healthcare environments; time-consuming and error-prone, traditional methods often result in inconsistent deployment across device fleets. Inconsistent deployment leaves some devices vulnerable while others receive protection, creating security gaps that attackers can exploit. Uptime requirements for safety-critical systems also prevent traditional maintenance windows, making it difficult to implement security updates without risking patient safety. Extended downtime during updates compromises patient care while creating operational disruptions. The complexity of coordinating updates across diverse device types and vendors often results in delayed or deferred security patches, leaving healthcare organizations exposed to known vulnerabilities. Protecting patients and operations against unknown cyber risks only compounds the security challenge.

Considering the vulnerabilities inherent to the medical industry, weighed against the innovative power of IoMT, presents a clear picture that the risks are worthwhile. Still, a plan is needed to update and maintain these devices while ultimately minimizing or avoiding the security risks and threats. Organizations relying on traditional update mechanisms face mounting threats to patient safety, regulatory compliance, and operational continuity as the connected healthcare ecosystem continues to expand. To mitigate possible threats while fully embracing the benefits of IoMT, healthcare and medical device OEMs need to enable robust and secure over-the-air (OTA) updates across the entire fleet, regardless of connectivity or device complexity. 

Medical-grade OTA updates must address the unique challenges of healthcare and medical environments while maintaining the highest standards for security, reliability, and compliance. Following best practices in security architecture and deployment strategies proves successful to establish a comprehensive framework for implementing secure OTA updates that protect patient safety while enabling the operational benefits of connected medical devices.

The safety-critical nature of the medical industry leaves little room for error or noncompliance. Organizations require comprehensive operational capabilities that support ongoing device management, monitoring, and troubleshooting while maintaining security and regulatory compliance. Operational excellence necessitates capabilities to monitor and react to vulnerabilities in a timely manner while maintaining ongoing oversight, including:

1. Real-time fleet monitoring: Real-time fleet monitoring provides healthcare organizations with comprehensive visibility into their connected device infrastructure, enabling immediate identification of security incidents, operational disruptions, or device malfunctions. Advanced monitoring systems track device health, network connectivity, update status, and security events across the entire fleet, providing dashboard views that enable rapid response to emerging issues.
2. Remote troubleshooting: Remote troubleshooting capabilities enable relevant stakeholders to diagnose and resolve device issues without requiring physical access to equipment, reducing response times and minimizing disruption to patient care. Remote troubleshooting is particularly valuable in healthcare settings where medical devices may be located in sterile environments or patient care areas where physical access is restricted.
3. Detailed audit logging: Comprehensive logging systems capture detailed records of all device activities, security events, and system changes, providing the audit trails necessary for incident response and regulatory compliance. Audit logs include information about OTA update deployments, configuration changes, security alerts, and user activities, creating a complete picture of device and system behavior over time. In healthcare environments where regulatory requirements demand detailed documentation of all system activities, comprehensive logging provides the foundation for maintaining compliance and supporting incident investigation efforts.

These best practices establish the foundation for secure, reliable OTA updates in medical environments, addressing the immediate security and operational challenges facing healthcare organizations today. However, the dynamic regulatory landscape and advancing technology ecosystem of IoMT require healthcare organizations to think beyond current requirements and prepare for future challenges. Building a resilient medical device infrastructure demands the anticipation of regulatory and long-term operational changes.

Investing in future-proof infrastructure better positions organizations to face emerging challenges while maintaining compliance, security, and operational excellence. Future-proofing medical device infrastructure requires strategic planning across regulatory compliance, technology architecture, and operational capabilities.

Regulatory landscape evolution

The regulatory environment governing medical device cybersecurity is constantly evolving alongside new advancements; agencies worldwide implement stringent requirements for connected medical devices. Staying ahead of mandates requires building adaptable systems that can maintain security without complete infrastructure overhauls.

Common compliance requirements: FDA 510(k), NIS2, HIPAA

The FDA's "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices" establishes clear requirements for secure update capabilities. Medical devices must include the ability to securely update software and firmware to address vulnerabilities, with updates that are cryptographically signed and verified to prevent unauthorized modifications. The FDA's Cybersecurity Guidance for 510(k) Submissions further defines specific requirements for software updates in regulatory submissions. Secure software and firmware updates must be thoroughly documented, also requiring updates with cryptographic verification. Manufacturers must demonstrate that updates do not introduce new unintended cybersecurity risks while ensuring devices have mechanisms for timely updates, whether through OTA delivery or manual processes. Additionally, a software bill of materials (SBOM) must be included to track third-party components and their associated vulnerabilities.

The NIS2 Directive significantly expands cybersecurity requirements for the healthcare industry in the European Union (EU), specifically including manufacturers of medical devices within its scope. Organizations must implement comprehensive cyber risk management measures, maintain clear incident-reporting processes, and secure patient data through proper storage and handling practices. The directive establishes stringent reporting obligations, requiring essential and important entities to notify competent authorities through an "early warning" within 24 hours of becoming aware of significant cybersecurity incidents, followed by detailed incident notification within 72 hours.

HIPAA's technical safeguards establish requirements that directly align with robust OTA update capabilities. Access control requirements mandate that regulated entities implement technical policies and procedures for electronic information systems, allowing only authorized persons to access ePHI. Audit control provisions require hardware, software, and procedural mechanisms to record and examine activity in information systems containing or using ePHI. Authentication procedures must verify that persons seeking access to ePHI are properly identified, while transmission security measures must guard against unauthorized access to ePHI transmitted over electronic networks. A HIPPA-compliant OTA update solution includes access control measures like RBAC and public key infrastructure (PKI), documents comprehensive audit logs, quickly identifies vulnerabilities, and assists in protecting sensitive ePHI.

Secure-by-design features to prepare for future regulations

Regulations answer emerging vulnerabilities, and although differences exist, the crux of the same: monitoring and timely adaptability lead to compliance. Organizations must anticipate future regulatory changes by integrating secure-by-design components for vulnerability tracing  and update distribution. Implementing flexible architectures can accommodate new security standards, reporting requirements, and operational procedures as they emerge. Furthermore, as vulnerabilities increase alongside the footprint of IoMT, secure and robust OTA update capabilities will only grow in criticality, becoming a core component within a secure infrastructure. 

Successful proactive compliance strategies establish governance frameworks that monitor regulatory developments, assess their impact on current systems, and implement necessary changes before requirements take effect. Proactive strategies also emphasize collaboration between regulatory affairs, IT security, and operational teams to ensure that compliance considerations are integrated throughout the technology lifecycle.

Considering the massive growth trajectory of IoMT alongside the extensive regulations and emerging vulnerabilities, it is clear that secure and robust OTA updates are essential in protecting patients and their data while providing the best possible, intelligent care. Selecting a battle-tested, market-leading OTA update solution ensures protection, and future proofing for OEMs looking to lead the charge in the growing vertical of connected health IoT.

Choosing Mender as your OTA update solution ensures fail-safe operations and longevity for safety-critical medical devices; with Mender, devices remain functional, secure, and relevant for patient care and business directives. As the leading OTA solution, Mender simplifies compliance and interoperability while maintaining timely update deployments across any range of connectivity situations and security parameters. A partnership with Mender provides a best-in-class solution to secure your organization's future in IoMT, guaranteeing operational success, and security while your team continues innovating ways to best serve the patient.