Challenges Ensuring the Security of Connected Medical Devices (Video)

2020 Michigan IT Symposium - November 10-12, 2020 - Innovative Solutions to Support the University Mission

Breakout Sessions: Tuesday, 2–2:45 p.m.

Michigan Medicine has thousands of embedded medical devices that work daily to ensure the improved health of patients. Internet of Medical Things (IoMT) range from pacemakers to MRI machines. IoMT manufacturers have focused primarily on functionality with cybersecurity more of an afterthought. Although prime hacker targets (because they contain ePHI which is 10x more valuable than credit card information), the cybersecurity of IoMT can lag core computing technology by 10 or more years, especially legacy devices. The FDA approval process, which freezes technology in time, can further delay IoMT resulting in years old technology being introduced into the healthcare market. The fragile nature of IoMT prevents it from being scanned directly for vulnerabilities that could disable a medical device performing a life-saving function.

Patient safety is at the forefront of medical device security. HITS IA Cybersecurity Risk Management is actively tracking, remediating, identifying, and mitigating (TRIM) IoMT vulnerabilities. In addition to refining our processes and procedures, we are integrating a passive network traffic scanning tool with our automated workflow software to identify and mitigate IoMT risks and vulnerabilities. Improving medical device security is a collaborative effort requiring cooperation among a variety of Michigan Medicine departments to manage the risk. 

In this session, learn about IoMT technology, tools, vulnerabilities, risks and mitigations associated with medical devices.


Brian Smith & Kelly Burns | HITS - Information Assurance - Michigan Medicine


  • Working in crisis mode: impacts & related content

Area(s) of Focus

  • Precision Health & Patient Care