
HIMSS Survey: 60% of Health Systems Can’t Protect Unmanaged Medical Devices
Why It Matters
The findings expose a critical security gap that threatens patient safety and exposes hospitals to costly ransomware, while insurers are pressuring rapid adoption of zero‑trust controls. Failure to address the gap could erode trust and increase financial liabilities across the healthcare sector.
Key Takeaways
- 62% cannot protect unpatchable medical devices
- 56% lack visibility into device inventory
- 40% fear workflow disruption from microsegmentation
- 46% face insurer demands for specific security controls
- Identity‑based microsegmentation provides agentless, zero‑downtime protection
Pulse Analysis
The rapid proliferation of Internet‑of‑Medical‑Things (IoMT) devices has expanded the attack surface across hospitals, yet traditional endpoint solutions cannot reach many of these specialized machines. The HIMSS‑Elisity survey quantifies this dilemma: a majority of health IT leaders admit to critical blind spots, with 62% unable to protect unpatchable devices and 56% lacking clear inventory data. Without visibility, organizations cannot enforce effective policies, leaving them vulnerable to lateral ransomware moves that can cripple patient care.
Compounding the technical challenge is a cultural paradox. While 76% of respondents deem uninterrupted clinical workflows essential, 40% report that the prospect of network segmentation disrupting those very workflows is stalling implementation. Simultaneously, cyber‑insurance underwriters are tightening the reins: nearly half of surveyed health systems have faced demands for specific controls such as MFA, EDR, or segmentation during renewal. This pressure accelerates the need for solutions that reconcile security with operational continuity.
Modern identity‑based microsegmentation offers a pragmatic path forward. By leveraging agentless policies applied directly to existing network switches, providers can isolate each device without extensive network redesign or downtime. This approach not only satisfies insurer mandates but also aligns with Zero Trust principles, enabling rapid deployment, granular visibility, and compliance with HIPAA and HHS 405(d) standards. As hospitals grapple with mounting cyber risk, adopting such zero‑disruption segmentation could become a decisive competitive advantage.