10 IoT in Healthcare Examples

Last updated: May 2026

The Internet of Medical Things (IoMT) market is projected to reach $260 billion by 2027, with over 7 million IoMT devices deployed in smart hospitals by 2026. Connected medical devices are changing how patients are monitored, how medications are delivered, how surgeries are performed, and how hospitals operate. They are also creating new cybersecurity challenges that healthcare organizations must manage. These ten examples of IoT medical devices in healthcare illustrate how connected technology is transforming clinical care and what each device type means for hospital cybersecurity.



What Is IoT in Healthcare?

The Internet of Things (IoT) in healthcare refers to the network of connected medical devices, sensors, and clinical systems that collect, transmit, and analyze patient data over hospital networks and the internet. These devices range from wearable monitors and implantable sensors to imaging systems and robotic surgical platforms.

When these devices are used in clinical settings, the category is commonly called the Internet of Medical Things (IoMT). IoMT devices are distinct from general enterprise IoT (printers, VoIP phones, building systems) because they interact with patients, process protected health information (PHI), and often directly affect clinical outcomes. A compromised smart thermostat is an inconvenience. A compromised infusion pump is a patient safety event.

The healthcare IoT market continues to grow rapidly. IoT Analytics projects 21 to 24 billion connected devices globally in 2026, with healthcare representing one of the fastest-growing verticals. The average hospital now has between 10 and 15 connected medical devices per bed, and large health systems may manage upwards of 350,000 IoMT devices across their facilities.

The clinical value is clear: better monitoring, faster diagnostics, more precise treatment, and greater operational efficiency through healthcare automation. The security implications are equally clear: each connected device is a potential entry point, a source of sensitive data, and a system that must remain available for patient care.

10 IoT Healthcare Examples

1. Continuous Glucose Monitors (CGMs)

Over 38 million Americans live with diabetes, and effective glucose management is critical for avoiding both short-term emergencies and long-term complications. Traditional glucose monitoring required manual finger-prick tests that captured only a snapshot in time and missed dangerous fluctuations between measurements.

IoT-connected continuous glucose monitors use a small sensor inserted under the skin to measure glucose levels every few minutes, transmitting readings wirelessly to a smartphone app, a clinical dashboard, or a connected insulin delivery system. Modern CGMs from manufacturers like Abbott (FreeStyle Libre) and Dexcom (G7) provide real-time trend data, predictive alerts for dangerous highs and lows, and integration with insulin pumps for closed-loop automated dosing. Research shows that switching to real-time CGM significantly reduces diabetes-related ER visits and hospital admissions, with per-patient monthly care costs dropping measurably.

Security considerations: CGMs transmit patient health data over Bluetooth Low Energy (BLE), which has documented vulnerabilities, including eavesdropping and replay attacks. The data is classified as ePHI under HIPAA. When CGMs feed data to connected insulin pumps in closed-loop systems, a compromise could potentially affect medication delivery. Segmentation policies should isolate CGM data traffic from general hospital networks.

2. Remote Patient Monitoring (RPM) Systems

Hospital readmissions are one of the most expensive problems in healthcare. Remote patient monitoring addresses this by continuing data collection after a patient leaves the hospital, using connected devices that measure vital signs (heart rate, blood pressure, oxygen saturation, weight, temperature) and transmit readings to clinical teams for ongoing oversight.

RPM programs have demonstrated measurable clinical impact. UMass Memorial Health’s remote monitoring program for heart failure patients cut 30-day readmissions by 50%. CMS expanded RPM reimbursement codes in 2024 and 2025, accelerating adoption across health systems. RPM is now used for chronic disease management (heart failure, COPD, diabetes, hypertension), post-surgical recovery monitoring, prenatal and maternal health, and behavioral health check-ins.

Security considerations: RPM devices operate outside the hospital’s physical network perimeter, often on patients’ home Wi-Fi networks. Data transmission security depends on the device manufacturer’s implementation of encryption and authentication. Healthcare organizations must evaluate how RPM vendors protect data in transit and at rest, and ensure that the clinical dashboards receiving RPM data are properly segmented from other hospital systems. The Mars Hydro incident in 2025, which exposed 2.7 billion IoT device records, including Wi-Fi credentials, demonstrated how cloud misconfigurations in IoT backends can compromise device data at scale.

3. Smart Infusion Pumps

Infusion pumps deliver medications, fluids, and nutrients directly into a patient’s bloodstream at precise rates. IoT-enabled infusion pumps add network connectivity for drug library updates, remote dose adjustments, integration with electronic health records, and real-time monitoring of infusion status, fluid volumes, and alarm conditions.

Smart pumps incorporate dose-error reduction systems that cross-reference programmed doses against drug libraries to catch potential medication errors. Clinical staff can monitor multiple patients’ infusions simultaneously from a centralized dashboard. Predictive analytics can flag pumps approaching end-of-fluid or detect occlusions before they trigger alarms.

Security considerations: Infusion pumps are among the most frequently cited medical devices in FDA cybersecurity advisories. The FDA recalled Medtronic MiniMed insulin pumps in 2019 after determining that someone nearby could wirelessly connect and change dosage settings. BD Alaris infusion pumps were subject to ICS-CERT advisories for vulnerabilities that could allow unauthorized firmware modifications. Because infusion pumps directly control medication delivery, a compromise could result in overdose or underdose. Network segmentation that restricts pump communication to only the EHR, drug library server, and management console is a critical control.
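
The segmentation rule described above can be checked against observed traffic. The following is an added example, not code from the article or from any vendor: it audits flow records for a pump VLAN against an allowlist of the three approved systems. All addresses, ports, and the flow-record format are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan (assumption): one pump VLAN, three approved systems.
PUMP_VLAN = ipaddress.ip_network("10.20.30.0/24")
APPROVED = {
    "EHR interface": (ipaddress.ip_address("10.10.1.10"), {("tcp", 2575)}),
    "drug library server": (ipaddress.ip_address("10.10.2.20"), {("tcp", 443)}),
    "management console": (ipaddress.ip_address("10.10.3.30"), {("tcp", 443)}),
}

# Constructed flow records, one per line: "src dst proto dport".
SAMPLE_FLOWS = """\
10.20.30.15 10.10.1.10 tcp 2575
10.20.30.15 10.10.2.20 tcp 443
10.20.30.15 10.20.30.16 tcp 445
10.20.30.17 203.0.113.50 tcp 443
10.20.30.15 10.10.1.10 tcp 3389
10.10.3.30 10.20.30.15 tcp 22
10.10.5.5 10.10.1.10 tcp 443
"""

class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int

def parse_flow(line: str) -> Flow:
    src, dst, proto, dport = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport))

def check_flow(flow: Flow) -> Optional[str]:
    """Return None if the flow fits the policy, else the reason it does not."""
    src_is_pump = flow.src in PUMP_VLAN
    dst_is_pump = flow.dst in PUMP_VLAN
    if not (src_is_pump or dst_is_pump):
        return None  # not pump traffic, out of scope for this policy
    if src_is_pump and dst_is_pump:
        return "pump-to-pump traffic inside the segment"
    peer = flow.dst if src_is_pump else flow.src
    for name, (addr, services) in APPROVED.items():
        if peer == addr:
            # Pump-initiated flows must also match the approved service.
            # Inbound flows from an approved system are accepted here;
            # tighten this per site policy.
            if src_is_pump and (flow.proto, flow.dport) not in services:
                return f"unexpected service {flow.proto}/{flow.dport} to {name}"
            return None
    return f"peer {peer} is not an approved system"

def audit(text: str) -> list:
    """Return (flow line, reason) for every flow that violates the policy."""
    violations = []
    for line in text.splitlines():
        if not line.strip():
            continue
        reason = check_flow(parse_flow(line))
        if reason:
            violations.append((line, reason))
    return violations

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION  {line}  ->  {reason}")
```
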


4. Connected Imaging Systems (MRI, CT, Ultrasound)

IoT-connected imaging systems integrate with hospital PACS (Picture Archiving and Communication Systems), transmit diagnostic images to clinicians in real time, and enable remote radiologist access. AI-augmented imaging analysis can flag potential findings for radiologist review, accelerating diagnosis for conditions like stroke, where minutes affect outcomes.

Cloud connectivity enables vendor remote support, firmware updates, and predictive maintenance that reduces unplanned downtime. IoT sensors on imaging equipment monitor performance metrics (magnet helium levels on MRI, tube usage on CT) and alert biomedical engineering teams before failures occur.

Security considerations: Imaging systems are large, expensive, and have lifecycles of 10 to 20 years. Many run end-of-life operating systems (Windows 7, Windows XP) that no longer receive security patches. They communicate using DICOM, a protocol with limited built-in security that transmits patient data and images, often without encryption, across the network. Forescout’s 2026 research identified DICOM gateways and medical image printers as among the riskiest IoMT device types. Compensating controls, including network segmentation and virtual patching, are often the only viable security measures for imaging systems that cannot be updated.

5. Wearable Health Monitors

Wearable health technology has moved from consumer fitness tracking into clinically validated medical monitoring. Devices like the Apple Watch (FDA-cleared ECG and irregular rhythm notifications), Samsung Galaxy Watch (blood pressure monitoring), and dedicated medical wearables (BioIntelliSense BioButton, Masimo W1) provide continuous measurement of heart rate, heart rhythm, blood oxygen, skin temperature, and activity levels.

Clinical applications include post-operative cardiac monitoring (wearable ECG patches replacing bulky Holter monitors), fall detection and emergency alerting for elderly patients, sleep apnea screening, and atrial fibrillation detection in at-risk populations. The data these devices generate feeds into clinical decision support systems, providing longitudinal health data that periodic office visits cannot match.

Security considerations: Wearable devices transmit health data over BLE, Wi-Fi, and cellular connections. Data aggregation platforms collect information from thousands of patients simultaneously, making them high-value targets for data theft. Wearables that connect to hospital networks for clinical integration must be inventoried, assessed for known vulnerabilities, and included in the organization’s segmentation policies. Pre-purchase security assessment should evaluate the manufacturer’s data handling practices, encryption implementation, and patch support commitments before clinical adoption.


6. Automated Medication Dispensing Systems

Automated dispensing cabinets (ADCs) like BD Pyxis and Omnicell systems store, dispense, and track medications at the point of care. These IoT-connected systems integrate with EHR and pharmacy systems to ensure that the right medication reaches the right patient at the right dose. They maintain controlled substance logs, automate restocking workflows, and provide real-time inventory visibility across the hospital.

ADCs reduce medication errors, improve nursing efficiency (reducing the time spent locating and verifying medications), and provide audit trails for regulatory compliance. Some systems now incorporate biometric authentication and barcode verification at the point of dispensing.

Security considerations: Forescout’s 2026 research identified medication dispensing systems as one of the riskiest IoMT device categories. ADCs are connected to EHR systems, pharmacy databases, and often the hospital’s Active Directory for user authentication. A compromised dispensing cabinet could provide an attacker with access to patient medication records, controlled substance logs, and a lateral movement path into the EHR environment. These systems should be on segmented networks with strict access controls and behavioral monitoring.

7. Connected Surgical Robotics

Robotic-assisted surgery platforms like Intuitive Surgical’s da Vinci and Medtronic’s Hugo RAS use IoT connectivity for real-time data transmission, remote surgeon consultation, intraoperative imaging integration, and post-procedure analytics. These systems allow surgeons to perform minimally invasive procedures with greater precision than manual techniques, reducing incision size, blood loss, and recovery time.

Emerging applications include AI-assisted surgical planning that uses patient imaging data to pre-plan procedures, telesurgery capabilities that allow specialist surgeons to guide procedures remotely, and digital twin technology that creates virtual replicas of patient anatomy for pre-surgical simulation.

Security considerations: Surgical robotics systems require extremely high network reliability and low latency. Network disruption during a procedure is a direct patient safety risk. These systems also connect to imaging databases, patient records, and vendor cloud services for software updates and performance analytics. Segmentation must ensure that surgical systems have guaranteed network performance while being isolated from general hospital traffic. Vendor remote access for maintenance and updates should be time-limited, logged, and authenticated.

8. Smart Building and Environmental Systems

Hospital building systems, including HVAC, fire suppression, elevator controls, lighting, and access control, increasingly use IoT sensors and controllers to maintain clinical environments. Operating room temperature and humidity are regulated to specific ranges required for surgical safety. Pharmacy and laboratory storage requires precise temperature monitoring to maintain medication and sample integrity. Negative-pressure isolation rooms depend on building automation systems to contain airborne pathogens.

IoT-connected environmental monitoring provides continuous data logging for Joint Commission and regulatory compliance, automated alerting when conditions drift outside specified ranges, energy management that reduces utility costs across large hospital campuses, and integration with clinical systems (operating room scheduling triggers HVAC adjustments).

Security considerations: Building automation systems communicate over BACnet, LonWorks, and other industrial protocols that were designed for reliability, not security. These systems are frequently managed by facilities teams rather than IT, creating ownership gaps where neither team has full visibility. The 2013 Target breach originated from HVAC contractor credentials. Hospital building systems that share network infrastructure with clinical systems create lateral movement paths that attackers exploit. Asimily discovers and classifies building automation devices alongside clinical IoMT, providing unified visibility across both domains.

9. Real-Time Location Systems (RTLS) and Asset Tracking

Hospitals lose significant staff productivity to locating equipment. Nurses spend an estimated 6,000 hours per year per hospital searching for infusion pumps, wheelchairs, and other mobile equipment. RTLS uses IoT tags (BLE beacons, UWB, RFID, Wi-Fi) attached to equipment and staff badges to provide real-time location visibility.

Beyond equipment tracking, RTLS enables patient flow optimization (tracking wait times, room turnover, and department throughput), staff safety monitoring (duress alerting), hand hygiene compliance monitoring (detecting whether staff use sanitizer stations when entering patient rooms), and contact tracing during infectious disease outbreaks. Asset utilization data from RTLS helps biomedical engineering and supply chain teams make evidence-based purchasing decisions, avoiding unnecessary capital expenditure on equipment that already exists but cannot be located.

Security considerations: RTLS infrastructure covers the entire hospital campus and generates location data for equipment, staff, and sometimes patients. This data reveals movement patterns, staffing levels, and patient locations, information that has both privacy and physical security implications. RTLS tags communicate constantly over wireless protocols, and the backend servers that process location data should be segmented and access-controlled. Asimily’s device utilization capability tracks medical device usage patterns, complementing RTLS data with device-level security and operational intelligence.


10. AI-Powered Clinical Decision Support

AI-powered clinical decision support systems use IoT device data (vital signs, lab results, imaging, and medication records) to identify patterns that predict adverse events before they occur. Early warning systems monitor patient deterioration indicators and alert clinical teams to intervene before a code event. Sepsis prediction algorithms analyze vital sign trends from bedside monitors to flag at-risk patients hours before clinical presentation.

These systems aggregate data from multiple IoT devices simultaneously: a patient’s bedside monitor, infusion pump, ventilator, and lab analyzer all feed data into the AI model. The value depends on the quality, completeness, and timeliness of the IoT data pipeline. AI-assisted triage systems using IoT sensor data are now being deployed in emergency departments to prioritize patients by acuity.

Security considerations: Clinical decision support systems ingest data from the most sensitive IoT devices in the hospital and produce recommendations that directly influence clinical decisions. The data pipeline from device to AI model must be protected against tampering, since manipulated input data could lead to incorrect clinical recommendations. These systems also process and store large volumes of ePHI, making them high-value targets for data exfiltration. Security teams should ensure that the data feeds from IoT devices to clinical decision support platforms are authenticated, encrypted, and monitored for anomalies.
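
One way to make a device-to-platform feed tamper-evident and replay-resistant, shown as an added example that is not from the article or any product: each reading carries an HMAC-SHA256 tag and a per-device counter, and the receiver rejects modified or replayed messages. The device ID, key, message layout, and class names are constructed assumptions; encryption is left to the transport layer and is not shown.

```python
import hashlib
import hmac
import json

# Constructed per-device key (assumption: provisioned out of band).
DEVICE_KEYS = {"monitor-0042": b"constructed-demo-key-not-for-production"}

def sign_reading(device_id, counter, reading, key):
    """Serialize a reading canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps({"device": device_id, "ctr": counter, "reading": reading},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class FeedVerifier:
    """Receiver side: authenticate each message, then enforce a rising counter."""

    def __init__(self, keys):
        self.keys = keys
        self.last_ctr = {}  # device id -> highest counter accepted so far

    def accept(self, msg):
        """Return (accepted, reason)."""
        try:
            body = json.loads(msg["body"])
            device, ctr = body["device"], body["ctr"]
        except (KeyError, ValueError, TypeError):
            return False, "malformed"
        key = self.keys.get(device)
        if key is None:
            return False, "unknown device"
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return False, "bad tag"
        # The counter is only trusted after the tag has been verified.
        if not isinstance(ctr, int) or ctr <= self.last_ctr.get(device, -1):
            return False, "replayed or out-of-order"
        self.last_ctr[device] = ctr
        return True, "ok"

def demo():
    """Run a valid, a tampered, and a replayed message through the verifier."""
    verifier = FeedVerifier(DEVICE_KEYS)
    key = DEVICE_KEYS["monitor-0042"]
    m1 = sign_reading("monitor-0042", 1, {"spo2": 97, "hr": 72}, key)
    m2 = sign_reading("monitor-0042", 2, {"spo2": 96, "hr": 75}, key)
    # Constructed tampering: the value is changed in transit, the tag is not.
    tampered = dict(m2, body=m2["body"].replace('"spo2":96', '"spo2":99'))
    return [verifier.accept(m1), verifier.accept(tampered),
            verifier.accept(m2), verifier.accept(m1)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
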

The Security Challenge Across All Healthcare IoT

The ten examples above share common security characteristics that healthcare delivery organizations must address:

Most of these devices cannot run security agents. Traditional endpoint security tools do not work on infusion pumps, CGMs, imaging systems, or building automation controllers. Security must be applied at the network layer, around the device rather than on it.

Clinical protocols lack built-in security. DICOM, HL7, and BACnet were designed for functionality, not cybersecurity. They often transmit data without encryption or authentication, and standard IT monitoring tools do not parse them.

Device lifecycles exceed IT refresh cycles. MRI machines, surgical robots, and building automation systems operate for 10 to 20 years. Many will run end-of-life operating systems for the majority of their operational life. Compensating controls, not patching, are the primary security mechanism.

Scale makes manual management impossible. A health system with 50,000 connected devices cannot manually inventory, assess, segment, and monitor each one. Automation is required at every stage.

Regulatory requirements apply to all of them. HIPAA, FDA cybersecurity guidance, the 2026 HIPAA Security Rule update, and state mandates like New York’s 10 NYCRR 405.46 all impose security obligations on connected medical devices. 84% of healthcare organizations now include cybersecurity requirements in medical device vendor RFPs.


How Asimily Helps Secure Healthcare IoT

Every IoT healthcare example in this guide creates clinical value and cybersecurity risk simultaneously. Managing that risk requires capabilities that traditional IT security tools do not provide: passive discovery that does not disrupt clinical equipment, protocol analysis that understands DICOM, HL7, BACnet, and clinical-specific communications, vulnerability prioritization that accounts for patient safety, and segmentation that isolates devices without breaking clinical workflows.

Asimily provides these capabilities across IoMT, IoT, OT, and IT environments from a single platform. The platform uses passive deep packet inspection to discover and classify every connected device on the hospital network, including clinical devices, building systems, and IT infrastructure. MITRE ATT&CK-based vulnerability prioritization determines which devices are realistically exploitable given their network context. Targeted segmentation groups devices by exploit vector, reducing risk across thousands of devices in days rather than months. Continuous behavioral monitoring with packet capture detects compromised devices and supports forensic investigation.

Asimily is ranked #1 by KLAS in Healthcare IoT Security. To see how the platform protects connected medical devices across health systems, schedule a conversation with our team or explore the Asimily healthcare solution.
