Fortified Health Security is a recognized leader in healthcare cybersecurity, with a special focus on Internet of Medical Things (IoMT) security. Fortified’s CISO, Russell Teague, recently joined the HIMSSCast Podcast, hosted by Patty Enrado of HIMSS, to discuss the growing cyber threats targeting healthcare technology, especially those impacting medical devices and patient safety.
The Vulnerability of Medical Devices and Our Solution
One pressing issue in IoMT security that Teague raised is the vulnerability of medical devices, like IV pumps and ventilators, which play life-saving roles but often run on outdated software. These medical devices are not just isolated technologies; they’re deeply embedded in patient care and connected to hospital networks.
The problem? If these devices are compromised, it’s not just data at risk; patients are as well. Teague cited Scripps Health, where a ransomware attack disrupted patient care across Southern California, explaining, “these [medical] devices use a lot of embedded operating systems so there’s a number of inherent vulnerabilities that come with those technologies. Like a lot of them aren’t patched or within the patch management programs.”
To address this, Fortified advocates for a layered defense strategy. Imagine a hospital’s cybersecurity strategy as a ship with watertight compartments. By segmenting, Fortified ensures that even if one device is breached, the threat is contained and unable to sink the entire system. This approach isolates devices, limiting the spread of any cyberattack and preserving the integrity of the broader network.
Addressing Third-Party Access Risks to IoMT Security
Another critical issue highlighted in the podcast was third-party access. Hospitals rely on third parties for device maintenance and support, which can increase vulnerabilities, creating additional entry points for cyber threats. Teague discussed how hospitals can mitigate these risks by implementing strict controls that limit third-party permissions to only what is necessary.
The Threat of Advanced Persistent Threat (APT) Groups
Teague also explored the growing threat of Advanced Persistent Threat (APT) groups, which frequently target healthcare data due to its high value and permanence. Since patient data cannot be altered like financial information, it holds lasting appeal for cybercriminals. To address this risk, Teague and Enrado discussed a zero-trust approach that restricts device communications to essential functions, enhancing security across individual devices and the broader network. As cyber threats continue to evolve, it’s vital for healthcare organizations to have a strong plan in place to improve IoMT security and to detect and respond to incidents. “Our job is to have the proper visibility to identify [threats] early, react, and respond to contain those incidents. And that’s really having a good incident response plan and having good incident response visibility,” said Teague.
Championing IoMT Security through Industry Collaboration
Through thought leadership discussions about IoMT security, like our recent feature on HIMSSCast, we foster partnerships with vendors and healthcare organizations to build a unified, resilient approach to cybersecurity. By advocating for regulatory change and empowering healthcare providers with practical, layered security solutions for IoMT security, Fortified is committed to elevating industry standards, securing patient data, and supporting operational consistency—together, one conversation at a time.