Phosphorus Blog

What Leading CISOs Already Know: Securing xIoT Amid Proposed HIPAA Updates and Escalating Healthcare Threats

Healthcare has never been more connected or more exposed. While IT systems have long been the focal point of cybersecurity programs, today’s adversaries are exploiting something far more expansive: the extended Internet of Things (xIoT). These devices sit in every corner of modern healthcare delivery, yet remain largely unmanaged, unmonitored, and unprotected.

Phosphorus’s own deployment data shows the magnitude of this challenge: more than 70% of connected devices still run default credentials, and 68% operate with unpatched critical vulnerabilities—conditions adversaries know how to weaponize. Attackers like the Akira ransomware group have already demonstrated that IoT devices like unsecured webcams can serve as the perfect pivot point into networks.

As proposed HIPAA Security Rule updates move toward more explicit requirements around connected device security, leading CISOs are already mobilizing. Their strategies share a common theme: full-spectrum xIoT security is no longer optional; it’s foundational. 

The Expanding Attack Surface: Where Healthcare Is Most Vulnerable

Modern hospitals are dense ecosystems of cyber-physical systems: IoMT devices, OT systems, IoT sensors, clinical workstations, building automation technologies, and more. This heterogeneity creates a level of exposure that traditional IT security tools simply can’t manage.

Consider the real-world case in which Akira ransomware operators pivoted from an endpoint running Endpoint Detection and Response to an unsecured IP camera, leveraging its vulnerabilities to encrypt files across the network. This pattern is repeating across healthcare, where attackers increasingly view IoT as the path of least resistance.

Phosphorus has seen these risks firsthand. One major healthcare provider turned to us after discovering that life-critical infusion pumps—valued at $120 million—were still running with default passwords, making them prime targets for ransomware. With traditional tooling, the provider couldn’t even accurately inventory their IoMT environment, let alone secure it. Phosphorus delivered a complete inventory in minutes and fully automated the password, firmware, and configuration hardening that had previously been unattainable.

The Regulatory Tides Are Shifting: What Proposed HIPAA Updates Signal

The proposed HIPAA Security Rule updates reflect what security leaders have long understood: connected device risk is a risk to patient safety.

Regulators are increasingly focused on:
  • Accurate, continuous asset inventories
  • Secure configuration baselines
  • Credential hygiene and rotation policies
  • Timely firmware updates or upgrades
  • Policies for end-of-life device management
  • Cross-functional accountability for connected device security
For CISOs, this directional push reinforces a reality already visible on the ground: partial visibility is no longer defensible. Blind spots across IoT, OT, and IoMT devices create cascading clinical, operational, and regulatory exposure.

How Leading CISOs Are Securing Their xIoT Ecosystems

Across large health systems, leading CISOs share a set of common practices for securing xIoT at scale—practices built on visibility and assessment, device hardening and remediation, and continuous monitoring and management.

1. Establish a Complete, Continuously Updated Asset Inventory and Assessment

Most healthcare environments underestimate their connected device footprint by orders of magnitude. Shadow IoT (unknown, unmanaged devices) remains one of the most dangerous blind spots in enterprise environments.

Leading CISOs are deploying intelligent active discovery that:
  • Identifies every IoT, OT, and IoMT device safely and accurately
  • Goes beyond IP/MAC addresses to uncover firmware, protocols, configuration details, and credential status
  • Uncovers areas of risk, including default or weak passwords, vulnerable firmware, expired or self-signed certificates, and misconfigured devices
Phosphorus’s unified platform provides this level of resolution without disrupting clinical workflows.

But discovery alone isn’t enough. Visibility without action is not a security strategy. Without the ability to harden, update, and remediate devices at scale, organizations simply move from ignorance to negligence, aware of the risks but unable or unwilling to address them. Leading CISOs emphasize that identifying xIoT exposures without acting on them only widens regulatory, operational, and patient safety risks.
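The risk conditions listed above (default or weak credentials, firmware below an approved baseline, unsafe services, expired or self-signed certificates) can be scored mechanically once discovery has produced per-device records. The following is an added illustration written for this page, not Phosphorus code or the platform's schema: the inventory records, the field names (`credential_status`, `services`, `cert`), the vendor names and the firmware baseline are all constructed assumptions standing in for what an active-discovery pass would report.

```python
from datetime import date, timedelta

# Constructed inventory records, shaped like what a discovery pass might
# report per device. Hypothetical field names and vendors (not real output).
INVENTORY = [
    {"id": "pump-01", "type": "infusion_pump", "vendor": "ExampleMed",
     "firmware": "2.1.0", "credential_status": "default",
     "services": ["telnet", "https"],
     "cert": {"not_after": "2024-01-15", "self_signed": True}},
    {"id": "cam-07", "type": "ip_camera", "vendor": "ExampleCam",
     "firmware": "4.0.3", "credential_status": "rotated",
     "services": ["http", "rtsp"],
     "cert": None},
    {"id": "ws-12", "type": "clinical_workstation", "vendor": "ExampleOS",
     "firmware": "10.2.1", "credential_status": "rotated",
     "services": ["https"],
     "cert": {"not_after": "2026-09-01", "self_signed": False}},
]

# Assumed minimum acceptable firmware per (vendor, type); a constructed baseline.
FIRMWARE_BASELINE = {("ExampleMed", "infusion_pump"): "2.3.0",
                     ("ExampleCam", "ip_camera"): "4.0.3"}

# Cleartext or legacy management services that a hardened baseline disables.
UNSAFE_SERVICES = {"telnet", "ftp", "http", "snmpv1", "snmpv2c"}

# Raise a finding this many days before a certificate lapses, so the
# renewal happens before the expiry creates a gap.
CERT_WARN_DAYS = 30


def version_tuple(v):
    """'2.1.0' -> (2, 1, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def assess_device(dev, today):
    """Return a list of (severity, finding) tuples for one inventory record."""
    findings = []
    if dev["credential_status"] == "default":
        findings.append(("critical", "default credentials in use"))
    elif dev["credential_status"] == "weak":
        findings.append(("high", "weak credentials in use"))

    baseline = FIRMWARE_BASELINE.get((dev["vendor"], dev["type"]))
    if baseline and version_tuple(dev["firmware"]) < version_tuple(baseline):
        findings.append(("high", f"firmware {dev['firmware']} below baseline {baseline}"))

    unsafe = sorted(set(dev["services"]) & UNSAFE_SERVICES)
    if unsafe:
        findings.append(("medium", "unsafe services enabled: " + ", ".join(unsafe)))

    cert = dev.get("cert")
    if cert:
        not_after = date.fromisoformat(cert["not_after"])
        if not_after < today:
            findings.append(("high", f"certificate expired {not_after.isoformat()}"))
        elif not_after - today <= timedelta(days=CERT_WARN_DAYS):
            findings.append(("medium", f"certificate expires within {CERT_WARN_DAYS} days"))
        if cert.get("self_signed"):
            findings.append(("low", "self-signed certificate"))
    return findings


def assess_inventory(inventory, today_iso):
    """Map device id -> findings, evaluated as of the given ISO date."""
    today = date.fromisoformat(today_iso)
    return {dev["id"]: assess_device(dev, today) for dev in inventory}


def worst_severity(findings):
    """Highest severity present, or 'none' for a clean device."""
    order = ["low", "medium", "high", "critical"]
    return max((sev for sev, _ in findings), key=order.index, default="none")


if __name__ == "__main__":
    report = assess_inventory(INVENTORY, "2025-06-01")
    for dev_id, findings in report.items():
        print(f"{dev_id}: {worst_severity(findings)}")
        for sev, text in findings:
            print(f"  [{sev}] {text}")
```

The assessment date is passed in explicitly so the same snapshot can be re-evaluated later; in practice it would be the scan time. Severity ordering is deliberately simple: a device on default credentials outranks everything else because it needs no exploit at all.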

2. Remediate the Highest-Risk Conditions: Credentials, Firmware, and Configurations

Default passwords, outdated firmware, and insecure configurations remain the primary xIoT attack vectors.

CISOs are prioritizing remediation workflows that:
  • Rotate default and weak passwords at scale with automated schedules
  • Update, upgrade, or downgrade vulnerable firmware without operational disruption
  • Disable unsafe protocols and services to harden device configurations
  • Ensure certificate updates before expirations create security gaps
Phosphorus remains the only solution capable of automating all of these remediations across IoT, OT, and IoMT environments.

3. Deploy Continuous Monitoring and Automated Response

Given the diversity and velocity of xIoT devices, manual oversight doesn’t scale. Leading CISOs are adopting monitoring that detects:
  • Device drift
  • Out-of-date firmware
  • Password or credential changes
  • Appearance of prohibited or dangerous devices
  • Lateral movement behaviors
Phosphorus enables continuous assessment and drift detection, integrating directly with existing SIEM, SOAR, and PAM systems for faster response.
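Drift detection of the kind described in this section is, at its core, a comparison of an approved post-hardening snapshot against a later observation, with each difference emitted as an event a SIEM or SOAR can consume. The block below is an added example for this page, not Phosphorus code or its integration format: the two snapshots, the `cred_fingerprint` field (assumed to be a hash of the configured credential, so a rotation is visible without storing the secret), the prohibited device types and the event shape are all constructed assumptions.

```python
import json

# Constructed baseline: the approved state recorded after hardening.
# Hypothetical schema; not the platform's own.
BASELINE = {
    "pump-01": {"type": "infusion_pump", "firmware": "2.3.0",
                "services": ["https"], "cred_fingerprint": "a1f3"},
    "cam-07": {"type": "ip_camera", "firmware": "4.0.3",
               "services": ["https", "rtsp"], "cred_fingerprint": "9c2e"},
}

# Constructed later observation of the same network segment.
CURRENT = {
    "pump-01": {"type": "infusion_pump", "firmware": "2.3.0",
                "services": ["https", "telnet"], "cred_fingerprint": "a1f3"},
    "cam-07": {"type": "ip_camera", "firmware": "4.0.1",
               "services": ["https", "rtsp"], "cred_fingerprint": "77b0"},
    "dvr-03": {"type": "consumer_dvr", "firmware": "1.0",
               "services": ["http"], "cred_fingerprint": "0000"},
}

# Device classes policy does not permit on the clinical network (assumed list).
PROHIBITED_TYPES = {"consumer_dvr", "smart_speaker"}


def version_tuple(v):
    """'4.0.3' -> (4, 0, 3) so firmware versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def event(dev_id, kind, severity, **details):
    """Build one drift event in a flat, SIEM-friendly shape."""
    return {"device": dev_id, "event": kind, "severity": severity, "details": details}


def detect_drift(baseline, current):
    """Compare two snapshots and return the list of drift events."""
    events = []
    for dev_id, now in current.items():
        was = baseline.get(dev_id)
        if was is None:
            # Appearance of a device not in the approved baseline; prohibited
            # classes are escalated.
            sev = "high" if now["type"] in PROHIBITED_TYPES else "medium"
            events.append(event(dev_id, "new_device", sev, type=now["type"]))
            continue
        # Configuration drift: a newly enabled service is riskier than a removed one.
        added = sorted(set(now["services"]) - set(was["services"]))
        removed = sorted(set(was["services"]) - set(now["services"]))
        if added or removed:
            events.append(event(dev_id, "config_drift", "high" if added else "low",
                                added=added, removed=removed))
        # Firmware below the approved version (a rollback or a restored image).
        if version_tuple(now["firmware"]) < version_tuple(was["firmware"]):
            events.append(event(dev_id, "firmware_out_of_date", "high",
                                expected=was["firmware"], observed=now["firmware"]))
        # Credential fingerprint changed: planned rotation or tampering, either
        # way worth correlating with change records.
        if now["cred_fingerprint"] != was["cred_fingerprint"]:
            events.append(event(dev_id, "credential_change", "medium"))
    # Devices that were approved but are no longer observed.
    for dev_id in sorted(baseline.keys() - current.keys()):
        events.append(event(dev_id, "device_missing", "low"))
    return events


def to_siem_lines(events):
    """Serialise events as one JSON object per line for log shipping."""
    return [json.dumps(e, sort_keys=True) for e in events]


if __name__ == "__main__":
    for line in to_siem_lines(detect_drift(BASELINE, CURRENT)):
        print(line)
```

Run against the constructed snapshots, this reports a newly enabled telnet service on the pump, a firmware rollback and credential change on the camera, and an unapproved consumer DVR on the segment. The `device_missing` case is kept deliberately low severity: it is usually a moved or powered-off asset, but it is still a baseline inventory that no longer matches reality.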

4. Build Cross-Functional Governance Around xIoT Security

CISOs succeeding in this area aren’t treating IoT security as a side project; they’re operationalizing it across teams.

Effective programs include:

  • Joint ownership between IT, Clinical Engineering, and Facilities
  • Device lifecycle policies aligned with procurement and decommissioning
  • Incident response playbooks that account for all devices
  • Centralized reporting tied to HIPAA compliance and risk frameworks
As health systems face increasing regulatory pressure, this governance becomes essential to demonstrating due diligence.

Why Full-Spectrum Visibility Matters: A Single Weak Device Can Shut Down a Facility

Ransomware operators no longer need to breach a server to cripple a hospital; they just need one weak link. Printers, IP cameras, infusion pumps, HVAC controllers, badge readers, and other cyber-physical systems all present viable attack paths.

Phosphorus has scanned more than 6 billion IP addresses on behalf of its customers, uncovering hidden devices, outdated firmware, expired certificates, and risky devices that organizations never knew existed. Each discovery closes a potential pathway for attackers.

Healthcare leaders now recognize that the adversary’s advantage lies in obscurity. Remove the obscurity, and you remove the attack surface.

The Path Forward for Healthcare Security Leaders

The message from leading CISOs is clear:

You cannot protect what you cannot see and you cannot secure what you cannot manage.

As proposed HIPAA updates converge with increasingly aggressive IoT-driven threat activity, healthcare organizations must rethink their approach to connected device security. Automation, comprehensive visibility, and proactive remediation are no longer aspirational; they’re fundamental.

Phosphorus’s xIoT Security Management Platform is purpose-built to help healthcare organizations stay ahead of compliance expectations and adversarial tactics alike, delivering:
  • Complete, safe discovery across IoT, OT, and IoMT
  • Accurate risk and posture assessment
  • Safe, automated management of passwords, firmware, certificates, and configurations
  • Continuous monitoring and drift detection
  • Seamless integration with existing IT and cybersecurity infrastructure
When the weakest device can take down your entire facility, there is no room for blind spots.

Join Us at the Health-ISAC Fall Summit

To learn more about how leading CISOs are strengthening their xIoT security posture, join us at the Health-ISAC Fall Summit, where Phosphorus Founder & CEO Chris Rouland will be presenting on this very topic.

You can also stop by our exhibit to see a live demo of the Phosphorus Unified xIoT Security Management Platform in action.

Not able to make the conference? Request a demo at phosphorus.io.

Author

Phosphorus Cybersecurity

Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to find, fix, and monitor the rapidly growing and often unmonitored Things of the enterprise xIoT landscape.