* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Data Security](https://www2.paloaltonetworks.com/blog/network-security/category/data-security/)
* The Medical IoT Security ...

# The Medical IoT Security To Depend on When Lives Depend on You

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F12%2Fmedical-iot-security-to-depend-on%2F)  
[](https://twitter.com/share?text=The+Medical+IoT+Security+To+Depend+on+When+Lives+Depend+on+You&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F12%2Fmedical-iot-security-to-depend-on%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F12%2Fmedical-iot-security-to-depend-on%2F&title=The+Medical+IoT+Security+To+Depend+on+When+Lives+Depend+on+You&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/12/medical-iot-security-to-depend-on/&ts=markdown)  
\[\](mailto:?subject=The Medical IoT Security To Depend on When Lives Depend on You)  
Link copied  
By [Xu Zou](https://www.paloaltonetworks.com/blog/author/xu-zou/?ts=markdown "Posts by Xu Zou")  
Dec 05, 2022  
5 minutes  
[Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown)  
[IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[internet of medical things security](https://www.paloaltonetworks.com/blog/tag/internet-of-medical-things-security/?ts=markdown)  
[IoT devices](https://www.paloaltonetworks.com/blog/tag/iot-devices/?ts=markdown)  
[IOT security](https://www.paloaltonetworks.com/blog/tag/iot-security/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)

This post is also available in: [简体中文 (Chinese (Simplified))](https://www2.paloaltonetworks.com/blog/2022/12/medical-iot-security-to-depend-on/?lang=zh-hans "Switch to Chinese (Simplified)(简体中文)") [繁體中文 (Chinese (Traditional))](https://www2.paloaltonetworks.com/blog/2022/12/medical-iot-security-to-depend-on/?lang=zh-hant "Switch to Chinese (Traditional)(繁體中文)") [Français (French)](https://www2.paloaltonetworks.com/blog/2022/12/iot-medical-quand-la-securite-iot-devient-un-enjeu-vital/?lang=fr "Switch to French(Français)") [Deutsch (German)](https://www2.paloaltonetworks.com/blog/2022/12/verlaesslicher-schutz-fuer-lebensrettende-medizinische-iot-geraete/?lang=de "Switch to German(Deutsch)") [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2022/12/medical-iot-security-to-depend-on/?lang=ja "Switch to Japanese(日本語)") [한국어 (Korean)](https://www2.paloaltonetworks.com/blog/2022/12/medical-iot-security-to-depend-on/?lang=ko "Switch to Korean(한국어)") [Español (Spanish)](https://www2.paloaltonetworks.com/blog/2022/12/medical-iot-security-la-solucion-de-seguridad-para-dispositivos-idc-medicos-en-la-que-confiar-cuando-la-vida-de-sus-pacientes-esta-en-sus-manos/?lang=es "Switch to Spanish(Español)")

### Protect every connected device with Zero Trust IoT security, tailor-made for medicine.

Connected medical devices are revolutionizing healthcare by helping enhance patient experience with quicker and more accurate diagnoses, reducing operational costs, increasing efficiency through automation, and improving overall patient outcomes. Connected clinical and operational IoT devices are used for everything, from patient monitoring to office systems. But, the same devices also expand the attack surface and are the weakest link for attackers to infiltrate the hospital network.

Healthcare has consistently been one of the[most breached industries](https://www.ic3.gov/) with [the highest average cost per breach](https://www.scmagazine.com/analysis/breach/healthcare-data-breaches-cost-an-average-of-10-1m-more-than-any-other-industry) compared to others over the past 12 years (2010-2022). Connected medical devices are a lucrative target as attackers can hold hospitals hostage for ransomware or steal valuable data as devices host patients' sensitive personal health information (PHI).

Research by Palo Alto Networks[Unit 42 Threat Research](https://unit42.paloaltonetworks.com/infusion-pump-vulnerabilities/) found that the medical devices are the weakest link on the hospital network as they bear critical vulnerabilities:

* 75% of infusion pumps studied had at least one vulnerability or threw up at least one security alert.
* Imaging devices, such as X-Ray, MRI and CT scanners were particularly vulnerable, with 51% of all X-Ray machines exposed to high-severity Common Vulnerabilities and Exposures ([CVE-2019-11687](https://nvd.nist.gov/vuln/detail/CVE-2019-11687)).
* 20% of common imaging devices were running an unsupported version of Windows.
* 44% of CT scanners and 31% of MRI machines were exposed to a high-severity CVE.

The volume of devices and their vulnerabilities are only the tip of the iceberg.

These modern medical devices are hard to protect for multiple reasons:

* Lack of visibility into unmanaged, connected medical devices impacts knowing the true attack surface.
* Unseen vulnerabilities, due to the lack of device context, exposes hospitals to unknown threats.
* Legacy security architectures (with flat networks and error-prone, manual methods to create security policies) can hinder compliance with regulatory requirements, such as the Health Insurance Portability and Accountability Act (HIPAA).
* Managing multiple-point security products creates complexity and security gaps.

Healthcare organizations need a comprehensive Zero Trust cybersecurity solution that can support their digital transformation journey, leading to better patient care outcomes while ensuring patient data privacy and regulatory compliance. Zero Trust is a cybersecurity strategy that eliminates implicit trust by continuously validating every stage of digital interaction. Rooted in the principle of 'never trust, always verify,' Zero Trust is designed to protect modern digital healthcare environments. The principle applies least privilege access controls and policies with continuous trust verification and monitoring device behavior to block zero-day attacks.

### **Only Palo Alto Networks gives you the most comprehensive and fastest way to Zero Trust security, so you can focus on providing the best patient care possible.**

Building on our current proven IoT security technology and based on a Zero Trust approach to security, Palo Alto Networks has introduced [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security) that uses machine learning (ML) to give healthcare providers an IoT security product designed specifically for medical devices. The solution helps quickly discover and assess every device, easily segment and enforce least privilege access, and protect against known and unknown threats with simplified operations. Additionally, the new product enables healthcare providers to improve security and reduce vulnerabilities:

* **Verify Network Segmentation:** Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems.
* \*\*Automate Security Responses Based on Rules:\*\*Create policy rules that watch devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device typically only sends small amounts of data at night and suddenly begins to use a lot of bandwidth, the predefined rule can automatically cut off device connectivity from the internet and alert the security teams.
* **Automate Zero Trust Best Practice Policies and Enforcement:** Enforce recommended least privilege access policies for devices on supported enforcement technologies with one click. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile.
* \*\*Understand Device Vulnerabilities and Risk Posture:\*\*Get immediate insights into the risk posture of each device, including end-of-life status, FDA recall notification, default password alert and unauthorized external website communication, MDS2, CVEs, behavior anomalies, Unit42 Threat Research and more. Additionally access each medical device's Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities.
* **Improve Compliance:** Easily understand medical device vulnerabilities, patch status and security settings, then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
* **Simplify Operations:** Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, help automate workflows.
* \*\*Meet with Data Residency Requirements:\*\*Medical IoT Security makes it easier for our customers in the US, Germany, Singapore, Japan and Australia to adopt IoT Security with local cloud hosting. The regional Medical IoT Security service availability ensures that the local data residency and localization needs, such as GDPR, are met.

## **Actionable Guidelines Provided with Medical IoT Security**

As the healthcare industry transforms itself to serve patients better, connected medical devices will continue to grow. Medical IoT Security, based on a robust Zero Trust framework, allows the industry to safely use connected clinical devices by providing actionable guidelines for securing their entire lifecycle. Medical IoT Security provides visibility, risk and action, allowing healthcare systems to achieve Zero Trust for all connected medical devices and applications.

To learn more about Medical IoT Security, read our white paper, [The Right Approach to Zero Trust for Medical IoT Devices](https://www.paloaltonetworks.com/resources/whitepapers/right-approach-zero-trust-medical-iot).

*** ** * ** ***

## Related Blogs

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Zero Trust for Infrastructure: A Key Step in Addressing IoT Security Risks](https://www2.paloaltonetworks.com/blog/network-security/zero-trust-iot-security-risks/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### A Brand New Fight: Securing Your AI-Powered Applications](https://www2.paloaltonetworks.com/blog/network-security/secure-ai-apps-by-design/)

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)

[#### Don't Let Office IoT Devices Be the Weakest Link](https://www2.paloaltonetworks.com/blog/network-security/office-iot-devices-be-the-weakest-link/)

### [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Leverage the Power of Self-Serve with ADEM](https://www2.paloaltonetworks.com/blog/sase/leverage-the-power-of-self-serve-it-with-adem/)

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Are SASE and Zero Trust the Key for Manufacturers Grappling with IoT?](https://www2.paloaltonetworks.com/blog/2022/08/are-sase-and-zero-trust-the-key-for-manufacturers-grappling-with-iot-cyber-risks/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Managing User Identity in a Cloud-First World](https://www2.paloaltonetworks.com/blog/network-security/user-identity-in-a-cloud-first-world/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language