IoMT Security Starts with What and Where

Jonathan Langer

Jonathan Langer

Dec 31


When we set out to create a solution solely for medical device security, our team quickly realized you can’t secure a device without knowing everything about it – what it is, how it works and where it lives on the hospital network. Recognizing that locating and identifying connected medical devices is a key component to security, we realized we could offer hospitals and health systems additional value beyond security: automated asset management.

Automated asset management is an important part of any hospital or health system’s day-to-day operations. In addition to improved security, good asset management will enable a hospital to control costs and subsequently improve their bottom line by overseeing equipment, from intravenous pumps to defibrillators.

Particularly in today’s increasingly connected world, hospitals need complete medical device inventory visibility, including a device’s location, usage information, manufacturer details, departmental ownership, vulnerability status and risk categorization. Many of these data points are captured by a hospital’s computerized maintenance management system (CMMS), a common tool leveraged by the Healthcare Technology Management (HTM) department for compliance purposes, financial performance and productivity monitoring. Unfortunately, CMMS devices rely on manual data entry. The time and effort required to find and properly identify devices can be costly and with today’s staffing issues, devices can be overlooked.

This means many hospitals lack an actively updated list of medical devices to enable the tracking and identification of medical devices connected to their network. Moreover, medical devices in particular create a unique conundrum. While biomed teams own purchasing the technology, the IT department is responsible for network management. It may come as a surprise, but there is a severe lack of clarity around ownership of ongoing device management once one has been connected. So, who is responsible for updating and patching the devices, or taking them out of commission?

The combined lack of reliable asset management and ownership of ongoing medical device maintenance means information critical to security may slip through the cracks, which is unacceptable in today’s elevated threat environment. This blind spot can lead to patient data breaches and medical device tampering down the line.

By implementing a comprehensive security solution that features automated asset management, hospitals and health systems can address both the initial device identification need and ongoing device risk management need. Gone are the days of incomplete data. Instead, hospitals and health systems will have a reliable system specifically built to do this job for them.