* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/)
* Securing and Managing IoT...

# Securing and Managing IoT and IoMT Devices in Healthcare

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2022%2F03%2Fiot-iomt-devices-healthcare%2F)  
[](https://twitter.com/share?text=Securing+and+Managing+IoT+and+IoMT+Devices+in+Healthcare&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2022%2F03%2Fiot-iomt-devices-healthcare%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2022%2F03%2Fiot-iomt-devices-healthcare%2F&title=Securing+and+Managing+IoT+and+IoMT+Devices+in+Healthcare&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2022/03/iot-iomt-devices-healthcare/&ts=markdown)  
\[\](mailto:?subject=Securing and Managing IoT and IoMT Devices in Healthcare)  
Link copied  
By [Tapan Mehta](https://www.paloaltonetworks.com/blog/author/tapan-mehta/?ts=markdown "Posts by Tapan Mehta")  
Mar 14, 2022  
4 minutes  
[IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[healthcare IoT security](https://www.paloaltonetworks.com/blog/tag/healthcare-iot-security/?ts=markdown)  
[IoMT Security](https://www.paloaltonetworks.com/blog/tag/iomt-security/?ts=markdown)  
[IoT devices](https://www.paloaltonetworks.com/blog/tag/iot-devices/?ts=markdown)  
[IOT security](https://www.paloaltonetworks.com/blog/tag/iot-security/?ts=markdown)

Unit 42 researchers at Palo Alto Networks recently analyzed crowdsourced data from security assessments of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using [IoT Security for Healthcare](https://www.paloaltonetworks.com/network-security/iot-security-for-healthcare?ts=markdown) from Palo Alto Networks. This topic is of critical concern for providers and patients because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data.

The[published findings](https://unit42.paloaltonetworks.com/infusion-pump-vulnerabilities/) show an alarming 75 percent of infusion pumps scanned had known security gaps that put them at heightened risk of being compromised by attackers. These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities, and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices.

## Widespread Medical Device Vulnerabilities

There is already a vast array of information about known vulnerabilities and approaches for securing these devices, thanks to the efforts of medical equipment makers, security researchers, cybersecurity vendors and regulators who have spent the past decade working to better understand cyber risks associated with use of infusion pumps and other connected medical devices. For example, the U.S. Food and Drug Administration (FDA) announced seven recalls for infusion pumps or their components in 2021, and nine other recalls in 2020.

There are also initiatives led by[industry](https://cmdc.umn.edu/) and[government](https://www.fda.gov/news-events/press-announcements/fda-brief-fda-issues-draft-guidance-remanufacturing-and-discussion-paper-seeking-feedback) aimed at [standardizing device information](https://www.paloaltonetworks.com/blog/network-security/treasure-trove-for-iomt-device-security/?ts=markdown) and establishing baseline security criteria for manufacturing these devices. Yet the average infusion pump has a life of eight to 10 years. The widespread use of equipment whose functional life is much longer than the life of its operating system has hampered efforts to improve security.

## IoT and IoMT Security Lifecycle

What does this mean for healthcare organizations with vulnerable clinical and non-clinical devices on their network today? There are steps that can be taken immediately to reduce exposure to medical device threats. We call this the [IoT Security Lifecycle](https://www.paloaltonetworks.com/resources/ebooks/the-healthcare-ciso-guide-to-iot-security?ts=markdown) approach:

**Step 1: Discover all IoT devices, managed and unmanaged, clinical and non-clinical.**

Employing device discovery will allow all stakeholders, including IT, security and biomedical teams, to get a full picture of what the medical device and IoT asset landscape looks like on the network.

**Step 2: Assess the risk of all devices with continuous monitoring.**

Accurate risk assessment allows IT security teams to continuously scrutinize devices, monitor their traffic patterns, segment devices and reduce the threat surface.

**Step 3: Define and enforce policies to only allow trusted behavior.**

Trust can be a vulnerability in and of itself. By implementing steps one and two, security teams have the visibility and context required to apply and enforce [least privilege access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown) policies.

**Step 4: Prevent any known IoT attacks.**

At this stage, a threat prevention mechanism that uses payload-based signatures to block advanced threats will ensure the most up-to-date security posture and defense against known threats across the network.

**Step 5: Detect and respond to unknown IoT threats.**

Crowdsourced data provides collective immunity by leveraging known medical device information, as well as behavioral analytics, to investigate previously unseen threats unique to the organization's environment.

**Step 6: Implement steps 1-5 in coordination with holistic clinical device management.**

Operational device data can help clinical teams identify devices, securely onboard them for use as required, optimize their performance based on usage data and safely retire them in compliance with industry regulations.
![The IoT Security LifeCycle is an approach that organizations can use to reduce exposure to cybersecurity threats related to IoMT devices on their networks.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/03/word-image-15.png)
Figure 1. The IoT Security LifeCycle is an approach that organizations can use to reduce exposure to cybersecurity threats related to medical devices on their networks.

## Automation Is Key for Securing and Managing IoMT Devices

The discovery of security gaps in three out of four infusion pumps reviewed by Unit 42 highlights the need for the healthcare industry to redouble efforts to protect against known vulnerabilities, while diligently following best practices for infusion pumps and hospital networks.

Medical devices need to be understood in the context of a complete clinical device management methodology to minimize risk to patients and the network. The ideal methodology for healthcare operations relieves both network security and clinical teams from the day-to-day burdens of securing and managing these devices.

By assessing device risk and then applying positive, risk reduction policies that are prioritized and automated, organizations can begin reducing their attack surface. Only by automating this entire lifecycle -- and continuously incorporating learnings to make further improvements -- can the persistent vulnerabilities in connected medical devices be secured.

To learn more, read the Unit 42 research, [Know Your Infusion Pump Device Vulnerabilities](https://unit42.paloaltonetworks.com/infusion-pump-vulnerabilities/). And if you're attending **HIMSS** this week, [schedule a time](https://register.paloaltonetworks.com/visitpaloaltonetworksathimssth?utm_source=bambu&medium=social&campaign=advocacy) to speak with our healthcare cybersecurity experts or visit us in **booth #1059.**

*** ** * ** ***

## Related Blogs

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Are SASE and Zero Trust the Key for Manufacturers Grappling with IoT?](https://www.paloaltonetworks.com/blog/2022/08/are-sase-and-zero-trust-the-key-for-manufacturers-grappling-with-iot-cyber-risks/)

### [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown), [IoT](https://www.paloaltonetworks.com/blog/category/iot/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)

[#### MDS2: A Treasure Trove for Internet of Medical Things (IoMT) Security](https://www.paloaltonetworks.com/blog/network-security/treasure-trove-for-iomt-device-security/)

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### The Modern Firewall for the Enterprise of Connected Devices](https://www.paloaltonetworks.com/blog/network-security/the-modern-firewall-for-the-enterprise-of-connected-devices/)

### [Interview](https://www.paloaltonetworks.com/blog/category/interview/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### How Apps and Your Phone Can Expose Your Life Without Permission](https://www.paloaltonetworks.com/blog/2025/07/apps-and-your-phone-expose-your-life/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown)

[#### Chart Your SASE Transformation with Prisma SD-WAN](https://www.paloaltonetworks.com/blog/2025/06/chart-sase-transformation-prisma-sd-wan/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Platformization Maximizes Security Efficacy \& IT Operations Efficiency](https://www.paloaltonetworks.com/blog/2025/04/platformization-maximizes-security-efficacy-it-operations-efficiency/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language