The Healthcare XIoT: Key Concepts to Understand

Ty Greenhalgh
/ October 28th, 2022

Historically, medical devices involved in physical processes have been air-gapped, isolated from healthcare IT networks and the internet. But with digital transformation, the growing interconnectivity of cyber-physical systems has given rise to the Extended Internet of Things (XIoT), which encompasses all connected devices within a network.

The XIoT presents ample opportunity for efficiency and performance advantages for healthcare organizations, but it also introduces new types of cyber risk that must be mitigated. To better understand the scope of what needs to be secured, let’s take a look at some key concepts related to the healthcare XIoT:

Core Healthcare XIoT Capabilities

Transducer, interface, and support capabilities are integral to the healthcare XIoT, enabling productive connections between medical devices, building management systems (BMS), operational technology (OT), information technology (IT), and other devices.

  • Transducer capabilities serve as the bridge that enables computing devices to interact directly with the physical world. Transducer capabilities include:

    • Sensing capabilities, which provide an observation of an aspect of the physical world in the form of measurement data. Examples include blood pressure monitoring systems and radiographic imaging.

    • Actuating capabilities, which encompass processes that execute physical actions. Examples include infusion pumps, cardiac electric shock delivery, electronic door locks, and robotic arms.

  • Interface capabilities enable device interactions, encompassing both device-to-device and human-to-device communications. These include:

    • Human-user interface, the ability for an XIoT device and people to communicate directly with each other. Examples include touch screens, haptic devices, microphones, cameras, and speakers.

    • Network interface, the ability to leverage a communication network, including both hardware and software. Examples of network interface capabilities include Ethernet, Wi-Fi, Bluetooth, LTE, and ZigBee. Every XIoT device has at least one enabled network interface capability.

  • Supporting capabilities provide functionalities that help enable other IoT capabilities. Examples include device management, cybersecurity, and privacy. 

The Role of the IoMT and OT

The Internet of Medical Things (IoMT) refers to connected devices and applications that directly relate to patient care, such as MRI machines, CT scanners, and vital sign monitors. IoMT devices connect to other types of assets within the broader healthcare XIoT.

Unlike conventional IT devices, many IoMT devices interact directly with the physical world and can therefore be considered cyber-physical systems. To provide two examples, infusion pumps regulate the delivery of life-sustaining medication, and implanted cardioverter defibrillators deliver electrical shocks to restore the heart to a normal rhythm.

Beyond IoMT devices, other types of OT are also used to support critical healthcare processes, including PLCs, RTUs, and building management systems that control air filtration, power, vaccine refrigeration, and more. Typically managed by facilities engineers, OT often leverages internal connections to engineering workstations that can be accessed remotely for maintenance.

The High Stakes of Disruptive Attacks

When it comes to securing operations, the stakes are uniquely high for the healthcare sector, given the potentially life-threatening impact of failures or disruptions. For instance, emergency room doctors rely on a CT scanner’s availability and integrity to quickly diagnose stroke patients. A delayed diagnosis or a misdiagnosis due to a compromised CT scanner could easily result in loss of a patient’s motor functions, brain damage, or even death.

In September 2020, the first patient death attributed to a cyber attack occurred at Dusseldorf University Clinic in Germany. Ransomware targeting IT systems containing electronic health records inadvertently impacted OT devices connected to the network. As a result, all ER-bound heart and stroke patients were diverted. The nearest facility was 32 kilometers away, and one patient died in transport. 

White-hat hackers have demonstrated vulnerabilities in IoMT devices that allow dosages to be increased or shocks to be manipulated in ways that result in sudden death. Fortunately, such attacks have yet to be carried out in reality. However, the proven feasibility of such an incident attests to the urgency of securing the healthcare XIoT.

Common Mistakes and Key Considerations

Amid mounting cyber threats to healthcare, the Joint Commission has been directed by the Centers for Medicare and Medicaid Services (CMS) to initiate audits of cybersecurity for medical devices. Unfortunately, many healthcare organizations make one of the following mistakes:

  • Attempt to use existing IT security tools. This disjointed approach will inevitably fail, because IT security tools are fundamentally incompatible with the protocols and workflows used by cyber-physical systems. In many cases, these tools cannot even identify many assets and devices, let alone help secure them.

  • Use disparate, specialized tools to manage and secure cyber-physical systems separately from IT systems. This cumbersome, inefficient approach inevitably creates costly management overhead and visibility gaps.

In your effort to avoid these mistakes, it’s helpful to keep these three considerations in mind:

  1. Unlike IT systems, XIoT devices interact with the physical world. This ups the ante for potential risk implications, especially in a healthcare setting, where patients’ lives may depend on reliable device performance.

  2. Conventional wisdom surrounding IT security does not apply to the XIoT. Even the most seasoned IT security veterans should approach the XIoT with a beginner’s mindset.

  3. Traditional IT cybersecurity tools are incompatible with the XIoT, and attempting to use them will likely do more harm than good. To properly protect their XIoT, healthcare organizations need purpose-built cyber-physical security technology.

The Value of a Unified Approach

These conditions make it abundantly clear that organizations need a new approach for securing this ever-expanding universe of the XIoT. The ideal solution is a truly unified approach that leverages:

  • Broad domain knowledge of the systems and workflows that underpin each vertical and environment leveraged in your organization’s network.

  • Deep capabilities, including full-spectrum visibility, risk and vulnerability management, threat detection, and secure remote access controls, all of which should also integrate seamlessly with an organization’s existing technology stack.

There’s not yet an easy fix for ensuring reliable patient care amid security challenges driven by digital transformation and evolving cyber threats. But so long as healthcare cybersecurity teams understand that outside expertise and specialized tools are needed to properly protect the XIoT, they can begin the critical process of doing so.

To learn how Claroty can help secure your healthcare organization's XIoT, request a demo.
