TL;DR: Claroty argues that medical device security depends on continuous visibility, evidence-based risk scoring, and network enforcement across IoMT and OT, with Team82 research showing over 650 vulnerabilities disclosed and KEVs present in 99% of 351 healthcare organisations studied. The real issue is not whether devices can be scanned, but whether identity-aware controls can keep pace with clinical reality.
NHIMG editorial — based on content published by Elisity: What Is Claroty and How Does It Protect Medical Devices in Healthcare OT?
By the numbers:
- Claroty's Team82 has disclosed over 650 vulnerabilities as of mid-2025, feeding current threat intelligence into its CPS risk models.
- After analyzing more than 2.25 million IoMT devices and 647,000 OT devices across 351 healthcare organizations, Team82 found KEVs present inside 99% of organizations studied.
Questions worth separating out
Q: What breaks when healthcare teams do not know which connected devices are on the network?
A: When teams lack accurate device visibility, they cannot segment effectively, prioritise remediation, or prove that risky assets are under control.
Q: Why do IoMT and OT devices complicate zero trust in hospitals?
A: IoMT and OT devices complicate zero trust because many cannot run agents, patch quickly, or tolerate aggressive scanning, yet they still need precise access boundaries.
Q: How do security teams know if device risk scoring is working?
A: Risk scoring is working when it changes prioritisation, not just reporting.
Practitioner guidance
- Build a device identity register Create a living inventory that records device type, firmware, communication behaviour, clinical function, and lifecycle status so segmentation and remediation decisions have current context.
- Prioritise KEV-bearing devices first Use known exploited vulnerabilities, ransomware linkage, internet exposure, and clinical criticality to rank IoMT and OT devices for containment before broad patch campaigns.
- Wire discovery into enforcement Send enriched device attributes into microsegmentation or network policy tools so access decisions are enforced at the edge instead of staying in dashboards or reports.
What's in the full article
Elisity's full article covers the operational detail this post intentionally leaves for the source:
- Claroty xDome and CTD deployment context for healthcare and OT environments, including where each approach fits.
- Step-by-step explanation of the five discovery methods used to profile IoMT and OT assets without disrupting clinical operations.
- Team82 research summaries on healthcare device exposures, vulnerability trends, and remediation prioritisation.
- Integration detail showing how device attributes flow into enforcement platforms for network segmentation.
👉 Read Elisity's analysis of Claroty's medical device trust model →
IoMT trust models: what they mean for healthcare security teams?
Explore further
Device intelligence has become an access-control input, not just an inventory function. The article shows why healthcare teams can no longer treat IoMT discovery as a reporting exercise. When device attributes feed segmentation and enforcement, visibility becomes part of the control plane. That shifts the governance question from 'what do we have?' to 'what are we allowing it to do?' and that is where identity-style policy thinking belongs.
A question worth separating out:
Q: Who should be accountable for compensating controls on legacy medical devices?
A: Accountability should sit jointly with security, clinical engineering, and operations, because legacy medical devices are governed by both patient-safety requirements and cybersecurity risk. Organisations need named owners for exceptions, documented compensating controls, and review cycles tied to device lifecycle status. Without that, exception handling becomes permanent trust.
👉 Read our full editorial: Claroty's medical device trust model raises the bar for IoMT governance