Securing IoMT – A Case Study in a Swiss Hospital

Abstract

Hospitals are considered critical infrastructure. Medical device connectivity is rapidly growing and with it is the potential attack surface. Healthcare delivery organizations face an increasing challenge trying to secure medical technology due to a myriad of reasons elaborated in this work. Every stakeholder is ultimately responsible to limit the attack surface of medical devices and perform their due diligence, this includes the hospitals. This work specifically targets, investigates, and concentrates on the deficiencies and potential countermeasures that hospitals should take in order to securely operate IoMT devices. The findings and deliverables were created on the basis of literature research and a primary data collection effort through a case study with interviews and observations conducted in a Swiss general hospital. The case study mostly corroborated the literature research’s findings and provided additional insight into the maturity of the hospital. Some considerable information security gaps in the medical device security field were confirmed, for which this work suggested a systematic remediation approach.