US flag signifying that this is a United States Federal Government website

  Official website of the Cybersecurity and Infrastructure Security Agency

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  1. About NICCS >>
  2. Featured Stories >>
  3. Secure the Internet of Medical Things this Infrastructure Security Month

Secure the Internet of Medical Things this Infrastructure Security Month

How often do you think about the electric plants and pipelines that supply us with reliable energy and clean water? What about the chemical facilities that manufacture the components in everything from medicine to smartphones? It’s easy to take this infrastructure for granted, but as more and more of it goes online, it becomes a vital part of the growing Internet of Things (IoT). IoT includes any device that sends and receives online data. This list grows longer as our online and offline lives become more intertwined—a list that now includes the apps, services, and devices that monitor our health and wellbeing.  

November is Infrastructure Security Month, and as more people turn to telemedicine, this month is a great opportunity to focus on our Nation’s healthcare infrastructure and the security of the connected devices that send, receive, and store our medical data—the Internet of Medical Things (IoMT).

While it’s tempting to think these devices are secure, the same rules that apply to keeping our data safe apply to protecting medical information. All over the world, cybercriminals are attacking healthcare systems. In September of this year, ransomware disabled IT systems at a hospital in Germany. A week later, here in the U.S., a similar attack disabled systems at Universal Health Services, seriously disrupting hospital operations. Healthcare systems are facing new and deadly threats, and good security starts at the ground level, with the individual. It’s vital to secure your medical devices with the same care you secure your computer or smartphone.  

To help secure your medical devices and records:

  • Check and update your security settings. Examine your devices’ settings and select options that meet your needs without putting you at risk. Also, be sure to install updates as soon as they become available. These updates often patch security vulnerabilities.
  • Use strong passwords. Passwords can be the only thing between hackers and your personal information. Choose long passwords with numbers and symbols, that are difficult to guess. Also, enable multi-factor identification (MFA) to add an extra layer of protection.   

By employing these simple best practices this Infrastructure Security Month—and throughout the year—we can easily safeguard our medical data and prevent it from falling into the wrong hands. This month is an ideal time to focus on healthcare-related devices. This year’s Infrastructure Security Month theme, Critical Infrastructure in a Time of Transformation, reflects the rapid adoption of technology as we adapt to the COVID-19 environment.

Huge technological leaps that drive advances in “med tech” are leading to the development of more connected medical devices that create, collect, and analyze data. A recent report shows that between 33% and 50% of consumers use online tools to measure their fitness and health, and between 20% and 35% of consumers use at-home monitoring devices.

Below are just a few examples of IoMT advances that demonstrate what medicine is now capable of:

  • Glucose monitoring. A condition that affects roughly one in ten adults, diabetes has spurred the creation of new interconnected medical devices that monitor and provide treatment. A Continuous Glucose Monitor (CGM) helps monitor blood glucose levels in real-time, by taking regular readings. The first CGM system was approved by the US Food and Drug Administration in 1999, and in recent years, smart CGMs have hit the market on a much greater scale.
  • Connected inhalers. Like diabetes, asthma is a very common condition that impacts millions. Smart inhalers are beginning to provide increased control over symptoms and treatment. Sensors attach to an inhaler and connect to an app, which helps the user understand what might be causing their symptoms, while tracking use of rescue medication and even providing allergen forecasts.
  • Depression monitoring. People with depression can use devices and apps to reliably monitor mood and cognition, assessing the effects of depression in real time. Like other smart medical devices that gather data, depression-monitoring apps can also give patients and healthcare providers greater insight into their condition and enable more informed conversations about care.

As beneficial as these advances are, they also bring new risks. The information on these devices must be as closely guarded as our financial and other personal data. The need to take proactive steps in medical device security is more crucial than ever. Thus far in 2020, data breaches have exposed the medical information as well as the names, Social Security numbers, State IDs, health insurance details, financial information, and driver’s licenses of more than 3.5 million people. Additionally, new online capabilities for pacemakers, defibrillators, and insulin pumps carry potential risk. Some of these devices may allow you to directly manage their settings, but for others, make sure you understand the risks and that device providers employ strong security to keep you and your data safe. 

To learn more about the IoMT and how to secure it, check out CISA’s tips on securing the Internet of Things and the National Institute of Standards and Technology’s (NIST) recommendations on managing IoT risk.