43% of hospital security leaders name IoMT visibility as their top cybersecurity challenge, while internal process issues create the biggest obstacle to effective risk management.
Asimily released a new survey report examining the biggest challenges hospital chief information security officers (CISOs) face in securing connected medical devices and equipment. The findings show that persistent visibility gaps and internal process breakdowns are leaving hospitals exposed to operational disruption and patient care risk.
The survey of North American hospital CISOs found that 43% identified complete device visibility as the challenge they would most want to solve immediately, followed by ransomware threat detection (24%) and compliance automation (22%). When asked about their biggest barriers to effective IoMT device risk management, one-third pointed to internal process issues, closely followed by lack of visibility (30%) and data overload (20%).
The data also uncovered fragmentation in how hospital security teams approach vulnerability remediation. Only 22% of hospital CISOs base their prioritization on device usage and criticality, which is the most effective method for focusing resources on the highest-risk assets. Meanwhile, 18% rely on manual review and 15% report having no clear process at all for addressing IoMT vulnerabilities.
“Hospital CISOs are challenged with protecting many thousands of network-connected devices while navigating organizational silos, data overload, budget constraints, and ensuring patient care isn’t disrupted,” says Shankar Somasundaram, CEO of Asimily, in a release. “This survey reinforces that visibility is the critical first step, but it has to be paired with the ability to prioritize and act on what you find. Hospital cybersecurity leadership needs strategies that can connect the dots between device discovery, risk prioritization, and remediation (including segmentation), while also working across the clinical engineering, IT, and security teams that share responsibility for these patient-critical systems.”
Tips to Strengthen Cyber Asset Exposure Programs
Based on the survey findings, Asimily recommends healthcare delivery organizations take the following steps to strengthen their cyber asset exposure management programs:
- Unify visibility across all asset types. Adopt platforms that provide a single view of IT, IoT, IoMT, and OT devices to eliminate blind spots and enable holistic risk assessment.
- Prioritize vulnerabilities by device criticality and usage. Move beyond CVSS scores alone by factoring in which devices are most essential to patient care and whether network segmentation already mitigates certain risks.
- Establish clear ownership and communication channels. Ensure collaboration between clinical engineering, health technology management, and procurement teams to define responsibilities and ensure security is informed whenever devices are added or modified.
- Reduce data overload with context-aware filtering. Focus security dashboards on actionable signals rather than raw alerts to help resource-constrained teams concentrate on the highest-impact issues.
- Leverage GRC capabilities to track configuration drift. Define policies for device configurations and monitor for unauthorized changes made by third-party technicians or other internal groups.
The full report, including additional insights into how hospital CISOs and other security/IT leaders manage exposure across all cyber assets, is available for download.