April 23, 2026 Cyber Trends
Geopolitical conflict is increasing healthcare cyber risk. Learn why IoMT security, medical device visibility, and cyber resilience now matter more than ever.
Geopolitical conflict is no longer a distant issue for healthcare organizations. It is a direct cybersecurity risk with real operational consequences. On March 2, 2026, HealthcareInfoSecurity reported that security experts are warning the current Iran conflict could spill into cyberattacks targeting healthcare organizations, including disruptive campaigns against hospitals, patient portals, VPN gateways, and other internet-facing systems. Reuters also reported on March 1 that cyber operations were already hitting Iranian apps and websites after the strikes, reinforcing how quickly military escalation can translate into cyber activity.
For healthcare providers, the most important takeaway is this: the threat is not limited to websites or email systems. According to Health-ISAC’s warning in the article, attackers may also target remote access paths, operational technology, and IoT environments that support medical devices and critical hospital infrastructure. That shifts the conversation from general healthcare cybersecurity to a more urgent and specific issue—IoMT security. When connected medical devices sit on poorly segmented networks, rely on legacy operating systems, or remain outside formal security monitoring, they become a practical path to clinical disruption.
That is why IoMT now belongs at the center of healthcare cyber strategy. Connected infusion pumps, imaging systems, patient monitors, smart beds, telemetry platforms, and other networked clinical assets are not just technology endpoints. They are part of patient care delivery. If they are disrupted, delayed, isolated, or used as a pivot point into broader hospital systems, the impact moves beyond IT and into diagnostics, surgery scheduling, communications, and continuity of care. The risk is operational, clinical, and reputational at the same time.
Federal guidance supports that view. The FDA states that medical devices are increasingly connected to the internet, hospital networks, and other devices to improve care, but those same features also increase cybersecurity risk. The agency also makes clear that these risks cannot be fully eliminated and that manufacturers and healthcare delivery organizations share responsibility for managing them. In practical terms, that means hospitals cannot treat medical device security as a vendor-only issue. Internal visibility, segmentation, monitoring, and response planning are now mandatory parts of risk management.
The broader healthcare policy direction points the same way. HHS’s Healthcare and Public Health Cybersecurity Performance Goals emphasize reducing internet-exposed vulnerabilities, enforcing multifactor authentication, maintaining asset inventory, strengthening vendor and supplier security requirements, and building processes for testing and mitigation. For IoMT-heavy environments, those priorities are especially relevant because many of the highest-risk weaknesses sit at the intersection of unmanaged devices, third-party access, and delayed remediation cycles.
From an InfoSight perspective, this moment exposes a problem many healthcare organizations still have not fully solved: they know their traditional IT environment better than they know their connected clinical environment. A hospital may have reasonable visibility into laptops, servers, and user accounts, yet still lack a complete, current, risk-ranked inventory of connected medical devices, biomedical systems, vendor-managed endpoints, and remote maintenance pathways. In a geopolitical threat spike, that gap becomes dangerous. Attackers do not need to breach every system. They only need to find the overlooked one that creates disruption fast. Given the threat pattern described in current reporting and the control priorities laid out by HHS and FDA, the immediate priority is to reduce blind spots around connected medical assets and their supporting infrastructure.
The right response is not panic. It is disciplined cyber resilience built around clinical reality. Healthcare organizations should start by identifying all internet-facing assets tied to patient operations, then validating which connected devices, remote support tools, and third-party pathways could be leveraged in a disruption scenario. From there, security teams should segment IoMT and clinical networks where feasible, restrict unnecessary privileged access, tighten remote connectivity, and prioritize remediation based on patient impact—not just CVSS scores. Health-ISAC’s guidance in the article aligns directly with that approach: harden external-facing assets, review access controls, patch exposed systems where feasible, and rehearse downtime procedures so care can continue even during degraded operations.
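To make "patient impact, not just CVSS scores" concrete, the following added example (not InfoSight, HHS, FDA, or Health-ISAC code) ranks a constructed device inventory two ways. The weights, field names, and device names are illustrative assumptions, not values from any guidance document.

```python
from dataclasses import dataclass

# Assumed clinical-impact multipliers (illustrative, not from any guidance).
IMPACT = {"life_sustaining": 3.0, "diagnostic": 2.0, "administrative": 1.0}

@dataclass
class Device:
    name: str
    cvss: float                 # highest open CVSS base score on the asset
    clinical_role: str          # key into IMPACT
    internet_facing: bool
    segmented: bool             # isolated on a dedicated clinical network
    vendor_remote_access: bool  # third-party maintenance pathway exists
    monitored: bool             # covered by security monitoring

def priority(d: Device) -> float:
    """CVSS scaled by patient impact and by how reachable the asset is."""
    exposure = 1.0
    if d.internet_facing:
        exposure += 1.0
    if not d.segmented:
        exposure += 0.5
    if d.vendor_remote_access:
        exposure += 0.5
    if not d.monitored:
        exposure += 0.25
    return round(d.cvss * IMPACT[d.clinical_role] * exposure, 2)

def rank(devices, key):
    """Return device names ordered from most to least urgent under `key`."""
    return [d.name for d in sorted(devices, key=key, reverse=True)]

# Constructed sample inventory (hypothetical assets).
INVENTORY = [
    Device("billing-kiosk", 9.8, "administrative", False, True, False, True),
    Device("pacs-gateway", 7.5, "diagnostic", True, False, True, True),
    Device("infusion-pump-fleet", 6.5, "life_sustaining", False, False, True, False),
    Device("smart-bed-ctrl", 5.3, "diagnostic", False, True, False, True),
]

if __name__ == "__main__":
    print("CVSS only     :", rank(INVENTORY, lambda d: d.cvss))
    print("Patient impact:", rank(INVENTORY, priority))
    for d in INVENTORY:
        print(f"{d.name:22} cvss={d.cvss:<4} priority={priority(d)}")
```

With this sample data, the segmented billing kiosk with the highest CVSS score drops to last place, while the internet-facing imaging gateway and the unmonitored infusion pumps move to the top.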
This is where mature healthcare cybersecurity programs separate themselves. Strong organizations do not just patch faster. They understand which assets matter most to care delivery, which systems are exposed, which vendors introduce risk, and how to keep clinical operations running when a cyber event occurs. In an IoMT environment, resilience depends on visibility, prioritization, and operational preparedness working together.
The strategic lesson is clear: healthcare cyber risk is now inseparable from IoMT risk. As geopolitical tensions rise, hospitals and health systems need to treat connected medical devices as part of the active threat surface—not as passive equipment sitting outside the security program. The organizations that can see that risk, quantify it, and act on it early will be in a far stronger position to protect both patient safety and business continuity.