How Well Can You Keep Track of Every THING on Your Network?

Jonathan Langer

Jul 4


The Value of IoT Management

TVs, cameras, coffee makers, air conditioners and lightbulbs are all getting smarter and connected – Statista forecasts the number of Internet-connected things (IoT) will reach nearly 27 billion by the end of this year and 75 billion by 2025. If you’re like most clinics and hospitals, you have very little visibility into which of these things are in your environment, never mind what they are doing, which creates a huge and dangerous blind spot for your organization.

Most of these things were built with convenience, not security in mind, so they often have vulnerable web, mobile and cloud interfaces, unprotected storage, unencrypted communications, insecure pairing procedures and hardcoded backdoors that can be exploited. Once compromised, these seemingly innocent things can be used to eavesdrop, steal information or gain entry to your network to perpetrate other attacks.

For example, research found that security cameras are the most hacked IoT devices. If an attacker compromises a surveillance camera in your hospital, they can use it to gain access to your network and move laterally to compromise your medical devices and clinical databases. Basically, they would have access to a wealth of personal health information (PHI) they could hold hostage or steal and sell on the black market. The impact of a successful attack can be devastating – the WannaCry cyberattack cost the NHS £92 million.

This scenario is closer to reality than you may like to think. The Mirai botnet accessed and compromised a large number of security cameras and other IoT devices. An attacker could easily use one of these compromised cameras to attack Philips’ IntelliVue Patient and Avalon Fetal monitors, which have known vulnerabilities that could “allow an attacker to read/write memory, and/or induce a denial of service through a system restart,” which means they can exfiltrate patient data, change the data displayed on the screen, or shut down the system “leading to a delay in diagnosis and treatment of patients.”

How to Protect Yourself from IoT Threats

It’s time to get visibility into all the things in your environment, so you can protect your operations from any threats they introduce. You need:

Comprehensive Device Discovery

You need to be able to see all the devices in your network, including:

  • Internet of Medical Things (IoMT): MRI machines, infusion pumps, etc.
  • Clinical devices: smart beds, thermostats, oximeters, microscopes, etc.
  • General IoT: security cameras, HVAC units, refrigerators, etc.

It is not enough, however, to know that a device exists; it is critical to know exactly what kind of device it is and what it is doing. This requires detailed device fingerprinting that can identify the device type, make, and model, as well as any embedded software and protocols in use.

Most solutions don’t have the extensive device database needed to differentiate between different device types, particularly within the biomed infrastructure, so it is vital to have a solution that can identify medical devices and clinical protocols, as well as general IoT. You will also want to know granular device attributes, such as operating system (OS), firmware version, serial number, etc., as well as baseline behaviors, so you can better assess risk and employ efficient security policies.

Contextual Behavioral Anomaly Detection

Once you have visibility into all the devices in your network, you need to understand what they are doing to identify potential security incidents. Recognizing that every device has its own unique network behavior – in fact, it is not uncommon for the same device with different firmware versions to have completely different network profiles – it can be challenging to know what is normal and what is anomalous. Through a deep understanding of device types and continuous analysis of device and network communications, as well as medical workflow patterns, you can accurately baseline behavior to identify anomalies that are threats, in real time.

For example, if there is traffic from a security camera to an MRI machine, it is likely there has been a compromise. Or if an infusion pump starts connecting to a payment terminal, there is probably an attacker in your network. If you have a deep understanding of all the devices in your network and what they are supposed to be doing, it can be easy to spot and shut down a threat.

Clinical Policy Enforcement

The last step in protecting the privacy and integrity of your data and operations from any threats originating from your medical, clinical and IoT devices is to actively prevent attacks. The ability to enforce clinical policies, based on device type and functionality and best practice standards, will enable you to mitigate risks from all the devices in your network and support your compliance objectives.

Being able to segment your network, based on device types and models, will also help you contain risks. For example, you can segment IV pumps or make sure that HVAC units are not able to communicate with any of your medical devices. With deep device expertise, you can ensure only devices that should be talking to one another can, and everything else is blocked.
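The checks described under Contextual Behavioral Anomaly Detection and Clinical Policy Enforcement can be sketched as a default-deny baseline keyed on device class. This is an added example, not part of the original post or of Medigate's product; the IP addresses, class names, ports and flow records are constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport")

# Constructed inventory (IP -> device class), standing in for discovery output.
INVENTORY = {
    "10.20.1.15": "security_camera", "10.20.1.16": "hvac",
    "10.40.0.7": "video_recorder",   "10.30.2.10": "mri",
    "10.30.2.11": "pacs",            "10.30.2.21": "infusion_pump",
    "10.30.9.5": "pump_server",      "10.50.3.3": "payment_terminal",
}

# Hypothetical baseline: (source class, destination class) -> expected ports.
# Any class pair not listed is treated as blocked (default deny).
ALLOWED = {
    ("security_camera", "video_recorder"): {554},  # RTSP
    ("mri", "pacs"): {104},                        # DICOM
    ("infusion_pump", "pump_server"): {443},       # HTTPS
}

def evaluate(flow):
    """Classify one flow against the inventory and the class-pair baseline."""
    src, dst = INVENTORY.get(flow.src), INVENTORY.get(flow.dst)
    if src is None or dst is None:
        return "unknown_device"      # discovery gap: endpoint never fingerprinted
    ports = ALLOWED.get((src, dst))
    if ports is None:
        return "class_violation"     # e.g. camera -> MRI, pump -> payment terminal
    if flow.dport not in ports:
        return "port_violation"      # expected peer, unexpected service
    return "allowed"

def find_anomalies(flows):
    """Return (flow, verdict) for every flow that is outside the baseline."""
    results = [(f, evaluate(f)) for f in flows]
    return [(f, v) for f, v in results if v != "allowed"]

# Constructed flow records for illustration.
FLOWS = [
    Flow("10.20.1.15", "10.40.0.7", 554),   # camera -> recorder
    Flow("10.20.1.15", "10.30.2.10", 104),  # camera -> MRI
    Flow("10.30.2.21", "10.50.3.3", 443),   # infusion pump -> payment terminal
    Flow("10.20.1.16", "10.30.2.10", 80),   # HVAC -> MRI
    Flow("10.30.2.21", "10.30.9.5", 23),    # pump -> its server, wrong service
    Flow("10.20.1.99", "10.30.2.10", 104),  # unfingerprinted host -> MRI
]

if __name__ == "__main__":
    for flow, verdict in find_anomalies(FLOWS):
        print(verdict, flow)
```

The same class-pair table can drive both alerting and segmentation rules, so a flow that raises an alert is also one the network would refuse.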

Medigate Platform

Only Medigate’s Device Security and Asset Management Platform has the database and expertise to be able to fingerprint and analyze medical, clinical and general IoT devices to effectively enforce policies and segment traffic to keep your data and operations intact. With Medigate, you:

  • Gain Full Visibility: with ongoing discovery of exactly what medical, clinical and general IoT devices are in your environment, as well as their specific location and utilization, you can immediately locate a device and understand its activity.
  • Contextual Behavioral Anomaly Detection: with a deep understanding of device types and the ongoing analysis of device and network communications, as well as medical workflow patterns, you can accurately spot and shut down activity that poses a risk to your environment, in real time.
  • Clinical Policy Enforcement: with automated implementation of clinically-based policies to maintain security, you can ensure each and every medical device is accounted for and secured, at all times, to maintain compliance.

For more information on how Medigate can help you gain control over all the devices in your network, please contact us at or visit