Hospitals are facing mounting challenges in securing their network-connected medical devices, according to new survey data from Asimily, a risk mitigation platform covering IoT, OT, and IoMT systems.
The report, The State of Hospitals’ Cyber Asset Exposure Management in 2025, found that 43% of hospital Chief Information Security Officers (CISOs) cited full device visibility as their most urgent cybersecurity concern, ahead of ransomware detection (24%) and compliance automation (22%).
Internal process failures emerged as the primary barrier to effective risk management, with one-third of respondents pointing to workflow and communication breakdowns. Lack of visibility (30%) and data overload (20%) were also cited as key obstacles.
The survey highlighted inconsistencies in how hospitals prioritise vulnerability remediation. Only 22% of CISOs said they factor in device usage and criticality when addressing risks, the method considered most effective for focusing on high-risk assets. In contrast, 18% rely on manual review, while 15% have no structured approach at all.
Shankar Somasundaram, CEO of Asimily, said hospitals are under pressure to protect thousands of connected devices while managing organisational silos and budget constraints. “Visibility is the critical first step, but it has to be paired with prioritisation and action,” he said. “Hospital cybersecurity leadership needs strategies that connect device discovery, risk assessment, and remediation, while working across clinical engineering, IT, and security teams.”
Asimily recommends hospitals unify visibility across all asset types, prioritise vulnerabilities by device criticality and usage, establish clear ownership and communication channels, reduce data overload through context-aware filtering, and leverage governance tools to track configuration changes.