Asimily Report Exposes Deep Security Gaps in Hospital IoMT Management, Jeopardizing Patient Safety

A new report from Asimily, a platform for IoT, OT, and IoMT risk mitigation, examines the cybersecurity posture of North American hospitals. Titled “The State of Hospitals’ Cyber Asset Exposure Management in 2025,” the survey finds a critical disconnect between what hospital security leaders say they prioritize and how medical device risk is actually managed, with direct consequences for patient safety. Persistent visibility gaps and internal process breakdowns are identified as the core causes, leaving healthcare institutions exposed to operational disruption and to threats that can reach patient care.

The Alarming Gaps in IoMT Security Management

The survey, which polled Chief Information Security Officers (CISOs) at North American hospitals, points to an urgent need for foundational improvements. 43% of CISOs named complete device visibility as the single challenge they would most want solved immediately, ahead of ransomware threat detection (24%) and compliance automation (22%). In other words, many hospitals are still struggling with the first step of any security program: knowing which devices are connected to their networks.

When asked about the biggest barriers to effective IoMT device risk management, respondents gave an equally concerning picture. One-third pointed to internal process issues, closely followed by lack of visibility (30%) and data overload (20%). The problem is systemic: institutions struggle not only to see their assets but also to manage the information and the processes that surround them.

Fragmented Vulnerability Prioritization Adds to Risk

The report also exposes a dangerous fragmentation in how hospital security teams approach vulnerability remediation. Only 22% of CISOs base their prioritization on device usage and criticality, the approach the report recommends for focusing limited resources on the highest-risk assets. Another 18% still rely on manual review, and 15% report having no clear process at all for addressing IoMT vulnerabilities. Without a consistent process, medical devices that are essential to patient treatment remain in clinical use with known, unremediated vulnerabilities.

Shankar Somasundaram, CEO of Asimily, emphasized the complexity of the challenge. “Hospital CISOs are challenged with protecting many thousands of network-connected devices while navigating organizational silos, data overload, budget constraints, and ensuring patient care isn’t disrupted,” Somasundaram stated. He further reinforced that “visibility is the critical first step, but it has to be paired with the ability to prioritize and act on what you find. Hospital cybersecurity leadership needs strategies that can connect the dots between device discovery, risk prioritization, and remediation (including segmentation), while also working across the clinical engineering, IT, and security teams that share responsibility for these patient-critical systems.”

Asimily’s Roadmap for Stronger Cyber Asset Management

Based on these findings, Asimily has issued a set of actionable recommendations to help healthcare delivery organizations strengthen their cyber asset exposure management programs:

  • Unify Visibility Across All Asset Types: Implement platforms that offer a single, comprehensive view of IT, IoT, IoMT, and OT devices, thereby eliminating blind spots and facilitating holistic risk assessment.
  • Prioritize Vulnerabilities by Device Criticality and Usage: Move beyond basic CVSS scores. Integrate factors such as a device’s essential role in patient care and whether existing network segmentation already mitigates certain risks to optimize resource allocation.
  • Establish Clear Ownership and Communication Channels: Foster seamless collaboration between clinical engineering, health technology management, and procurement teams. Define clear responsibilities and ensure security teams are always informed when devices are added or modified.
  • Reduce Data Overload with Context-Aware Filtering: Refocus security dashboards to present actionable signals rather than overwhelming teams with raw alerts, allowing resource-constrained teams to concentrate on the most impactful issues.
  • Leverage GRC Capabilities to Track Configuration Drift: Define robust policies for device configurations and continuously monitor for unauthorized changes, whether initiated by third-party technicians or internal groups.
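The two technical recommendations above, prioritizing by device criticality and usage rather than raw CVSS, and tracking configuration drift against an approved baseline, are illustrated below in an added example. This is editor-written code, not Asimily's product logic or the report's methodology; the weighting factors, the device inventory, and the configuration keys are all constructed for illustration. The point it makes is that two devices with the same CVSS score can land far apart in the remediation queue once clinical role, usage, and existing segmentation are taken into account.

```python
"""Added example (not from the Asimily report): rank IoMT vulnerabilities by
clinical criticality, usage and segmentation, and detect configuration drift
against an approved baseline. Weights and inventory are hypothetical."""
from dataclasses import dataclass, field

# Assumed weights for a device's clinical role (hypothetical values).
CRITICALITY_WEIGHT = {"life-critical": 3.0, "diagnostic": 2.0, "support": 1.0}
IDLE_FACTOR = 0.5        # device not currently assigned to patient care
SEGMENTED_FACTOR = 0.25  # vulnerable service already blocked from untrusted zones


@dataclass
class Device:
    name: str
    criticality: str          # key into CRITICALITY_WEIGHT
    in_use: bool              # currently in clinical use?
    cvss: float               # base score of the worst open vulnerability
    segmented: bool           # VLAN/firewall policy blocks the vulnerable service
    baseline: dict = field(default_factory=dict)  # approved configuration
    observed: dict = field(default_factory=dict)  # what the latest scan reported


def priority_score(d: Device) -> float:
    """CVSS is the starting point, not the ranking: scale it by the device's
    clinical role, then discount for idle devices and for segmentation that
    already mitigates the exposure."""
    score = d.cvss * CRITICALITY_WEIGHT[d.criticality]
    if not d.in_use:
        score *= IDLE_FACTOR
    if d.segmented:
        score *= SEGMENTED_FACTOR
    return score


def prioritize(devices: list) -> list:
    """Highest priority first."""
    return sorted(devices, key=priority_score, reverse=True)


def config_drift(d: Device) -> dict:
    """Baseline keys whose observed value differs (or is missing entirely).
    Any non-empty result is a change that nobody signed off on."""
    return {
        key: (want, d.observed.get(key))
        for key, want in d.baseline.items()
        if d.observed.get(key) != want
    }


def build_inventory() -> list:
    """Constructed sample inventory; none of these are real devices or CVEs."""
    return [
        Device("infusion-pump", "life-critical", True, 7.5, True,
               baseline={"firmware": "4.2.1", "telnet": "disabled"},
               observed={"firmware": "4.2.1", "telnet": "enabled"}),
        Device("ct-scanner", "diagnostic", True, 9.8, False,
               baseline={"snmp_community": "rotated"},
               observed={}),
        Device("bed-controller", "support", False, 9.8, False,
               baseline={"ssh": "key-only"}, observed={"ssh": "key-only"}),
        Device("patient-monitor", "life-critical", True, 6.5, False,
               baseline={"firmware": "2.0"}, observed={"firmware": "2.0"}),
    ]


if __name__ == "__main__":
    inventory = build_inventory()
    for dev in prioritize(inventory):
        print(f"{dev.name:16} cvss={dev.cvss:<4} priority={priority_score(dev):.2f}")
    for dev in inventory:
        if drift := config_drift(dev):
            print(f"DRIFT on {dev.name}: {drift}")
```

Run as a script, the ranking puts the in-use patient monitor (CVSS 6.5) above the idle bed controller (CVSS 9.8), and the segmented infusion pump drops well below both diagnostic and monitoring devices despite its 7.5 score. The drift check then flags the pump's telnet service, which was re-enabled after the baseline was approved, and the scanner's missing SNMP community setting.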

For a deeper dive into these insights and additional strategies for how hospital CISOs and other security/IT leaders can manage exposure across all cyber assets, the full report is available for download on the Asimily website.
