What's Happening?
A recent report by risk mitigation platform Asimily highlights significant cybersecurity challenges faced by the healthcare sector due to the rapid expansion of the Internet of Medical Things (IoMT). The
report, titled 'The State of Hospitals’ Cyber Asset Exposure Management in 2025,' reveals that 93% of healthcare organizations experienced cyberattacks in the past year. A major issue identified is the lack of complete device visibility, with 43% of Chief Information Security Officers (CISOs) citing it as their most urgent challenge. The average hospital now manages approximately 350,000 connected devices, yet many remain unmonitored due to internal process breakdowns and lack of communication between clinical engineering and IT security teams. This situation has led to 'shadow IT,' where devices are deployed without proper security oversight, increasing vulnerability to cyber threats.
Why It's Important?
The findings underscore a critical need for improved cybersecurity measures in the healthcare industry, which is increasingly reliant on connected medical devices. The lack of visibility and coordination in managing these devices poses significant risks, not only to patient safety but also to the financial stability of healthcare organizations. Cyberattacks can lead to substantial financial losses, with incidents costing an average of $3.9 million. The report suggests that hospitals must transition from reactive patching to proactive risk management strategies, emphasizing the importance of unified visibility and clear ownership channels for device security. Addressing these challenges is crucial to safeguarding sensitive patient data and ensuring the uninterrupted delivery of healthcare services.
What's Next?
To mitigate these cybersecurity risks, the report recommends a cultural shift within healthcare organizations towards a holistic exposure management strategy. This involves integrating IT, IoT, and OT device management to eliminate blind spots and establishing clear communication and responsibility channels between clinical engineering and security teams. As hospitals prepare for 2026, those that successfully implement these strategies will be better positioned to protect their networks and maintain operational integrity. The report highlights the urgency of these changes, as the cost of inaction is becoming increasingly unsustainable.
