The Digitalist Team
January 26, 2023

Internet of Medical Things cybersecurity - it is more important than ever



In recent years, the Internet of Things (IoT) has grown from a set of emerging technological innovations into devices and equipment that form part of our daily lives. Smart cars, office buildings, homes, and industries, as well as wearable devices and smart sensors, are ushering in a new era of digitization. However, there are sectors, such as healthcare, in which IoT is of particular importance.

Internet of Medical Things (IoMT) is a collective name for connected devices, applications, and networks that are responsible for convenience and faster communication in patient care, maintaining human health, and, in some cases, even for life. Its technology is developing extremely fast, including the related IoMT hardware, sensors, data processing software, and specialized infrastructure. It is often called the healthcare IoT.

In this article, we will take a closer look at the Internet of Medical Things and demonstrate why cybersecurity plays a critical role in these smart healthcare solutions.

What is the Internet of Medical Things?

The Internet of Medical Things (IoMT) is often referred to as healthcare IoT. IoMT is a collection of hardware, medical equipment, and software that is connected with healthcare information technology systems via online networks.

Internet of Medical Things includes: 

●       Networks and gateways that transfer data for additional processing.

●       Data sources and sensors that instantly capture and collect medical symptoms.

●       Data interpretation applications and software that provide special medical-related services.

●       Services for data storage and management to handle vast volumes of raw data and extract relevant information. 

Healthcare devices with wireless connections (Wi-Fi, Bluetooth, Zigbee, etc.) enable machine-to-machine communication and flexible data processing, which is the foundation of the Internet of Medical Things. The majority of the data that is transferred through these systems is considered sensitive personal information.

According to Deloitte, the Internet of Medical Things market is estimated to be worth $158.1 billion in 2022 and is constantly growing. However, this rapid growth and spread of use come with a price: authorities that supervise and regulate these systems have a hard time keeping up with the pace of development, so IoMT cybersecurity compliance is a concern that should be addressed.

Although both are used in healthcare, it is important to know that the Internet of Medical Things is not the same as smart medical devices. Learn more about the importance of medical device regulations from a cybersecurity point of view in our previous article.

What categories does IoMT have?

On-body IoMT

On-body IoMT refers to wearable medical equipment linked to remote tracking or monitoring systems. On-body IoMT, as opposed to in-house IoMT, may frequently be utilized outdoors. Devices with glucose sensors are an excellent example of on-body IoMT. Diabetic individuals can wear them to monitor glucose levels constantly. The majority of these wearables immediately exchange data with the patient's clinician to facilitate prompt and precise treatment.

[Image: Heart rate monitoring with on-body IoMT]

In-home IoMT

Patients are able to automatically transmit their medical data (e.g., blood pressure or oxygen saturation) to their healthcare provider or a hospital in real time using the in-home Internet of Medical Things. This can help to prevent hospital readmissions by identifying problems before they become critical.

Community IoMT

Community IoMT refers to the use of Internet of Medical Things devices over an extended geographic area. Mobility services, paramedics, and first responders employ these emergency response IoMT systems to track patient conditions outside of the hospital.

In-Hospital IoMT

Hospitals and clinics have to control the quality and supply of their medical assets over time, as well as understand how employees and patients move within the facility. Healthcare staff employ Internet of Medical Things sensors and other monitoring technologies to track all of these contacts so that administrators have a thorough view of the hospital's daily operations.

What are the main cybersecurity threats to the Internet of Medical Things?

As more IoMT devices and applications become available to patients and connect to different networks to send data to physicians and hospitals, they become more vulnerable to hacking. This issue is exacerbated by the fact that the data is shared across numerous systems, which creates multiple possible points of attack.

Any exploited vulnerability in the Internet of Medical Things may allow cybercriminals to perform a variety of malicious actions, including

●      gaining control of the IoMT equipment,

●      stealing private patient data,

●      stealing clinical records,

●      disrupting network traffic,

●      disrupting ongoing healthcare processes,

●      holding the IoMT device for ransom to gain profit.

Implications of unsecured IoMT

According to the latest statistics, the effect of ransomware attacks on healthcare is worrying and undermanaged at the same time. Among other reports, this is demonstrated by the Ponemon Institute's published research titled "Insecurity of Connected Devices in Healthcare 2022", which went in-depth on the effects of unsecured IoMT on hospitals and patients.

According to the research: 

●      At least one ransomware attack was encountered by 43% of the respondents.

●      88% of cyberattacks involve IoMT devices.

●      The average cost of a data breach is well in excess of $1 million.

●      Tragically, 24% of cyberattacks result in increased mortality rates.

What is the current cybersecurity regulation for IoMT?

ETSI EN 303 645 - Cybersecurity Standard for Consumer IoT Devices is the first internationally applicable Cybersecurity Standard for IoT, including Internet of Medical Things devices. It establishes a set of minimum requirements for all consumer IoT devices and serves as a foundation for future IoT cybersecurity certification schemes.


[Image: Cybersecurity has critical importance in remote patient care]


ETSI EN 303 645 does not prioritize protection against long-lasting and sophisticated cyberattacks that need continuous physical access to the device. Rather, the emphasis is on the technological controls and organizational policies that are most important in tackling the most serious and pervasive security flaws. Overall, the Standard is intended to protect against simpler attacks on primary design vulnerabilities such as weak passwords.

ETSI EN 303 645 enables consumer IoT device manufacturers to provide a range of features that protect their clients' sensitive data while complying with privacy regulations such as GDPR.

CCLab’s solutions for the Internet of Medical Things

While the advantages and positive effects of the Internet of Medical Things devices are undeniable, implementing the IoMT comes with its own set of challenges, the most prominent of which is its security and privacy.

This is where CCLab medical solutions come into the picture as a reliable partner and support. We are an agile cybersecurity lab with a decade of extensive experience in cybersecurity compliance assessment projects.

We provide a comprehensive solution for our customers, whether it is a cybersecurity compliance evaluation of their IoMT devices or an assessment against medical device cybersecurity regulations. Our professionals accompany the customers throughout the entire process: our consultants provide support to prepare, then the evaluators of our testing laboratory inspect the device according to the chosen standard or requirements.

We are equipped and qualified to help with

●      MDR/IVDR regulation compliance projects;

●      Common Criteria certificate consultations and assessments for IT products and systems;

●      Evaluations according to the ETSI IoT cybersecurity standard;

●      Standalone vulnerability assessments.


The Internet of Medical Things has fundamentally changed modern healthcare and patient treatment in recent years. IoMT ensures minimum human intervention throughout different healthcare processes and routine patient visits. Besides the convenience, IoMT also radically decreases the costs of patient care while boosting the efficiency of healthcare professionals.

On the other hand, the numerous advantages of the Internet of Medical Things are overshadowed by the connected devices, networks, and applications that are unprotected or vulnerable to security- and privacy-related attacks. ETSI EN 303 645 is the first globally applicable cybersecurity standard that sets fundamental requirements for all consumer IoT devices (including IoMT) and acts as a framework for future IoT cybersecurity certification schemes.

Manufacturers and distributors of IoMT are responsible for ensuring that their products, which handle sensitive personal information, and the consumers who buy them are safe from malicious cyberattacks. One of the most effective ways to do so is to comply with current cybersecurity regulations and standards, for which CCLab offers a professional and comprehensive solution.

Get in touch with us to discuss the details!
