TL;DR: Connected medical devices expand patient care but also widen the attack surface. According to DigiCert’s source article, Fortune Business Insights projects the global IoMT market will reach almost $188 billion by 2028, and 70.6 million Americans are expected to use remote patient monitoring by 2025. Digital trust is now a device identity and lifecycle problem, not just a network security problem.
NHIMG editorial — based on content published by DigiCert: Digital Trust for connected medical devices
By the numbers:
- 70.6 million Americans will use remote patient monitoring solutions by 2025, a 56.5% jump from 2022.
- A 2022 FBI report cited research showing that 53% of connected and IoT devices in hospitals had known vulnerabilities.
- The average medical device had 6.2 vulnerabilities, and 40% of end-of-life devices offered little to no security patches or upgrades.
Questions worth separating out
Q: How should healthcare organisations govern connected medical devices as identities?
A: Treat each connected device as a non-human identity with an owner, credentials, policy boundaries, and a lifecycle.
Q: Why do connected medical devices create identity security risk for hospitals?
A: Because they combine long lifetimes, network connectivity, and clinical dependencies, which makes trust failures hard to see and expensive to contain.
Q: What breaks when IoMT device trust is managed manually?
A: Manual trust management breaks at scale because certificates, integrations, and patch status drift faster than teams can track them.
Practitioner guidance
- Map every connected device as a governed identity: Inventory pumps, monitors, gateways, and integrations as identity-bearing assets with owners, certificates, and renewal dates.
- Enforce certificate-backed authentication for device trust: Require provable device identity before telemetry exchange, command acceptance, or clinical integration.
- Review cloud and EHR integrations as trust boundaries: Audit every API and cloud connection that carries device data into clinical workflows.
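One way to make the first two guidance points checkable, as an added example that is not from DigiCert or the original editorial: a small audit over a device-identity inventory that flags missing owners, missing, expired or soon-to-expire certificates, and end-of-life devices, and refuses telemetry from any device without a currently valid certificate. The record fields, the 30-day renewal window, and the sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class DeviceIdentity:              # hypothetical inventory record
    device_id: str
    kind: str                      # pump, monitor, gateway, integration
    owner: Optional[str]           # accountable team; None if unassigned
    cert_not_after: Optional[date] # None: no certificate-backed identity
    end_of_life: bool = False

def audit(inventory, today, renew_window_days=30):
    """Return {device_id: [findings]} for each device with a governance gap."""
    horizon = today + timedelta(days=renew_window_days)
    findings = {}
    for d in inventory:
        issues = []
        if not d.owner:
            issues.append("no owner")
        if d.cert_not_after is None:
            issues.append("no certificate")
        elif d.cert_not_after < today:
            issues.append("certificate expired")
        elif d.cert_not_after <= horizon:
            issues.append("certificate renewal due")
        if d.end_of_life:
            issues.append("end-of-life")
        if issues:
            findings[d.device_id] = issues
    return findings

def may_exchange_telemetry(d, today):
    """Policy gate: only a device with an unexpired certificate is trusted."""
    return d.cert_not_after is not None and d.cert_not_after >= today

# Constructed sample inventory (not real devices).
SAMPLE = [
    DeviceIdentity("pump-001", "pump", "biomed-eng", date(2026, 3, 1)),
    DeviceIdentity("mon-014", "monitor", None, date(2025, 1, 20)),
    DeviceIdentity("gw-002", "gateway", "network-ops", date(2024, 12, 1)),
    DeviceIdentity("ehr-int-7", "integration", "clinical-apps", None, True),
]

if __name__ == "__main__":
    today = date(2025, 1, 1)
    for dev, issues in audit(SAMPLE, today).items():
        print(dev, "->", ", ".join(issues))
    print([d.device_id for d in SAMPLE if may_exchange_telemetry(d, today)])
```

Running the audit on a schedule against the real inventory turns certificate and ownership drift into a reviewable list instead of something discovered at outage time.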
What's in the full article
DigiCert's full blog covers the operational detail this post intentionally leaves for the source:
- How DigiCert positions digital certificates for device authenticity and data integrity across IoMT environments.
- The practical challenges of intermittent factory connectivity and how device trust is maintained during manufacturing.
- Why cloud integration for IoMT often creates custom-code maintenance burdens and where automation is used.
- How device trust is framed for manufacturers balancing patient safety, compliance, and connected operations.
Connected medical devices and IoMT trust: what teams need to know?
Explore further
Digital trust for IoMT is device identity governance, not a narrow product feature. The article shows that connected medical devices must be authenticated, encrypted, updated, and retired under policy, which places them squarely inside identity governance. That matters because the control problem is not only transport security but trust continuity across the full device lifecycle. Practitioners should treat every connected device as a governed identity with operational consequences.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: How should teams reduce the blast radius of a compromised medical device?
A: Constrain what each device can reach, what data it can influence, and which downstream systems will trust its output. The safest model is to pair identity assurance with least privilege at the integration layer, so compromise of one device does not automatically spread into broader clinical systems.