Securing the expanding attack surface: IoT, OT, and mobile threats in healthcare

Note: This is the first of three articles, sponsored by Zscaler, examining how healthcare organizations can secure the expanding attack surface in a highly connected environment. The series will also explore how to manage third-party risk and build a secure healthcare ecosystem. Finally, we’ll delve into the future of AI-enhanced security in healthcare cyber defense.

Healthcare is becoming more interconnected than ever, with an expanding footprint of care delivery powered by IoT devices, operational technology (OT) systems, and mobile platforms. IoT devices monitor patients remotely, OT systems automate facility management, and mobile devices enable telehealth and staff mobility. While these technologies revolutionize care delivery, they also introduce unprecedented cybersecurity challenges. Each new device or system adds to an expanding attack surface, creating vulnerabilities that cybercriminals are eager to exploit.

Recent findings from the Zscaler ThreatLabz Mobile, IoT & OT Threat report reveal a staggering 45% increase in IoT malware attacks, with the U.S. as the top target. Healthcare, as the second-most targeted sector for ransomware, underscores the critical need for robust security measures. Healthcare leaders must understand these risks and adopt proactive strategies to protect their organizations.

The Expanding Attack Surface in Healthcare

IoT and OT Systems: Critical Infrastructure Vulnerabilities

The rapid adoption of IoT devices, such as connected medical equipment and remote monitoring tools, has outpaced security measures, leaving organizations vulnerable. Industries with heavy IoT usage, such as manufacturing, face significant risks, according to the ThreatLabz report, and these lessons apply directly to healthcare. Further, the report notes botnets like Mirai and Gafgyt dominate IoT malware attacks, targeting devices with minimal or outdated security.

Similarly, healthcare facilities rely on operational technology (OT) systems — from HVAC controls to automated pharmacy systems — that often lack modern security protocols.

A breach in these systems or devices could disrupt clinical workflows, lead to widespread operational disruptions, and compromise patient safety.

An unsecured infusion pump connected to the hospital’s network could be exploited to access sensitive patient data or disrupt clinical workflows. Worse yet, a malicious actor could use unauthorized access and malware to alter dosages, with potentially life-threatening consequences for patients. PACS are similarly vulnerable due to network connectivity and data sensitivity. The consequences with imaging range from ransomware attacks to image manipulations leading to misdiagnosis and incorrect treatment.

Such scenarios highlight the importance of securing IoT ecosystems through network segmentation, device authentication, and continuous monitoring.

Mobile Devices: Enabling and Complicating Telemedicine

Mobile devices have become vital for telemedicine and staff communication, but their use has opened new vulnerabilities. With the rise of encrypted malware — responsible for 86.5% of attacks in 2024 — and a doubling of XSS (cross-site scripting) attacks fueled by generative AI, healthcare organizations must prioritize securing mobile ecosystems. Staff bring-your-own-device (BYOD) policies and the proliferation of mobile apps for patient engagement further complicate the challenge. Without strong endpoint security measures, these devices can serve as entry points for attackers.

Why healthcare is a prime target

Healthcare’s expanding attack surface, characterized by the proliferation of interconnected IoT, OT, and mobile devices, makes it a prime target for cybercriminals. This interconnectedness, coupled with the industry’s critical role in patient care, a general lack of dedicated cybersecurity expertise, and lingering legacy infrastructures, creates a unique set of vulnerabilities that attackers are eager to exploit.

Healthcare organizations hold highly sensitive patient data, making them attractive targets for ransomware attacks. Additionally, disruptions to healthcare services can have life-threatening consequences, making healthcare organizations more likely to pay ransoms to restore critical systems quickly. ThreatLabz’s 2024 Ransomware report noted 312 ransomware attacks on healthcare organizations in the past year, many of which exploited known vulnerabilities in internet-facing systems. Adding to the challenges, data from CHIME’s 2024 Digital Health Most Wired survey reveals that organizations with lower security scores also struggle with interoperability and analytics.

Securing the expanding attack surface

The complexities of IoT, OT, and mobile device security demand a multi-faceted approach. These technologies have revolutionized healthcare, but their vulnerabilities mean they require consistent oversight and advanced solutions. Securing these systems involves addressing both technical and strategic challenges to ensure patient safety and operational resilience.

Strengthening IoT, OT, and Mobile Security

Healthcare organizations must adopt a comprehensive approach to secure their expanding attack surface. Bad actors can leverage easily exploited medical devices to move laterally across the network, launching additional attacks from compromised devices and maintaining communications with command and control (C&C) servers. To mitigate these risks, several key strategies should be implemented:

• Network Segmentation: Isolating devices from critical systems can reduce the risk of lateral movement during an attack, ensuring that a compromised device cannot easily spread malware or access sensitive information.
• Zero Trust Architecture: Enforcing least-privilege access ensures that each device or user can only access what is strictly necessary, reducing the potential for unauthorized access.
• Continuous Monitoring and AI-Driven Threat Detection: Identifying anomalies that might signal an ongoing attack allows for rapid response, minimizing the impact of any breach.
• Endpoint Security Policies: Mandating encryption, multi-factor authentication, and secure connections can protect devices from unauthorized access and data breaches.
• Secure App Development: Regular updates and vulnerability management can prevent attackers from exploiting known flaws in mobile applications.

For instance, network segmentation can prevent a compromised medical device from accessing electronic health records, mitigating the risk of further attacks. Continuous monitoring ensures that any lateral movement or command and control communication is detected and neutralized promptly. These proactive measures, along with AI-driven security tools, help organizations stay ahead of potential threats, as highlighted in the ThreatLabz Mobile, IoT & OT Threat Report.

Building Proactive Security Governance

Governance is the foundation of an effective cybersecurity program. It ensures that processes, people, and technology align to address risks comprehensively. Key steps include:

• Conducting regular risk assessments and penetration testing to uncover vulnerabilities before attackers do.
• Establishing strong vendor management protocols to ensure third-party partners adhere to rigorous security standards.
• Enhancing training and incident response to ensure all staff—not just IT teams—are prepared to recognize and respond to cyber threats.

Healthcare organizations must view governance as a living process, adapting policies and procedures as the threat landscape evolves. Training is particularly important, as human error remains one of the leading causes of successful cyberattacks.

Practical implications and call to action for leaders

Healthcare leaders must recognize that securing the expanding attack surface is not just a technical challenge but a strategic imperative. Practical steps include:

• Conducting a comprehensive audit of the organization’s IoT, OT, and mobile device landscape to identify connected assets, assess vulnerabilities, and understand usage patterns.
• Investing in scalable, cloud-delivered security solutions that provide advanced threat detection and flexible deployment options.
• Adopting a Zero Trust mindset across all systems and processes to minimize risk and enforce strict access controls.

For smaller organizations, partnerships with specialized cybersecurity vendors can provide the expertise and tools needed to address these challenges effectively.

Leading the charge to more dynamic, resilient cybersecurity

As healthcare’s digital transformation accelerates, so too do the risks associated with an expanding attack surface. By adopting proactive strategies and leveraging technologies like Zero Trust and AI-driven threat detection, healthcare organizations can protect patient care, ensure operational continuity, and safeguard their reputations. The stakes are high, but with the right leadership and tools, healthcare can remain resilient in the face of evolving cyber threats.

About Zscaler

Zscaler, a leader in cloud security, helps healthcare organizations protect patient data and critical systems with its Zero Trust platform. As the healthcare landscape becomes increasingly digital, Zscaler understands the importance of robust cybersecurity measures in ensuring secure and compliant operations.