Asset visibility programs for connected medical devices have suffered from a paradox. Visibility could only be attained because encryption of data in motion was either not possible or relied on legacy, weak encryption. In other words, the most widely used approaches to gaining visibility worked only because encryption was poor or nonexistent.
As modern cryptographic capabilities like TLS 1.3 become the standard for medical device communications, the operational reality for clinical engineering and IT is changing. Traditional passive monitoring, which extracts device data from protocols like DICOM, is losing its effectiveness. This shift leaves critical context opaque, stripping away the visibility into software versions, configuration parameters and device data that security and biomed teams rely on.
Visibility and strong encryption for medical devices do not have to be mutually exclusive.
Claroty is pioneering a new approach to help healthcare organizations stay ahead of this curve, beginning with a focus on mission-critical infusion systems.
Recent HIPAA security rule modernization activity signals a clear direction: move from flexible guidance to more prescriptive cybersecurity expectations, including encryption, stronger authentication, tighter contingency planning, and better technology inventories and mapping. Importantly, these changes have been discussed as part of a proposed update to strengthen protections for electronic protected health information (ePHI).
In practical terms, healthcare security leaders are preparing for a world where:
Encryption of ePHI in transit is expected to be far less optional and far more standardized
MFA becomes a baseline expectation for system access
Technology inventories and mapping become more explicit and more frequent
Resilience expectations tighten (including restoration capabilities)
Business associate notification timelines become more defined in contingency-plan scenarios
Healthcare device manufacturers are responding accordingly, by encrypting more of what devices send and receive. That’s where the visibility challenge begins.
Infusion devices have long generated valuable security and operational context over the network. Historically, some of that traffic could be interpreted in ways that supported device identification and monitoring.
But with newer approaches, such as device-to-server encrypted communications, visibility into that traffic can drop sharply. The impact isn’t limited to one vendor or one security platform. Everyone loses the same network line of sight when medical device manufacturers (MDMs) make the important shift to using encryption as the new standard for communications.
When that happens, teams don’t just lose packet inspection; they lose answers to questions like:
What exact pump and modules are present on the network right now?
What software/firmware versions are in use?
Which modules are attached to which PC units (PCUs)?
How do we continuously assess risk without relying on decrypting traffic?
In other words: you’re not losing data. You’re losing context and actionable operational truth.
If you attended HIMSS 2026 and caught Claroty’s demos with BD, “From Blind Spots to Insight: Infusion Device Cybersecurity with MEM-DMC Interoperability,” you saw the challenges that arise for security and clinical engineering programs when medical devices use encrypted communications.
The demos showed how BD Alaris™ System infusion devices securely share identity and software data with Claroty xDome using BD’s implementation of the IHE MEM-DMC profile and standardized HL7v2 messaging. With automated discovery and continuous risk assessment, biomedical engineers and IT teams get real-time visibility into infusion fleets, helping detect cyber risks and drive operational efficiency.
When publicly available, such capabilities will preserve crucial visibility even as traditional traffic inspection becomes less viable. By leveraging proven interoperability standards, the integration enables the seamless exchange of key device context while strictly avoiding the transfer of protected health information (PHI).
Using secure device-to-platform signaling, teams can regain:
Device identity and accurate inventory detail
Software/firmware version awareness for continuous risk assessment
PCU/module relationships (e.g., the “brain” unit and connected modules)
More timely awareness of configuration changes that matter for safety and cyber risk
Device location: Once we re-identify the modules, we can also get their location, which is a big use case
This is especially valuable for biomedical engineering and IT teams managing infusion fleets at scale, where device inventory and real-time contextual information can directly improve both cyber posture and operational readiness.
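To make the device-to-platform signaling concrete, here is an added example (not Claroty's or BD's code) of how a receiving platform could turn an HL7v2 device report into an inventory with PCU/module relationships, refuse reports that carry patient segments, and flag software below an approved baseline. The OBX labels, the sub-ID convention (x.0.0.0 for the PCU, x.n.0.0 for a module), the model names and the baseline versions are all assumptions constructed for illustration.

```python
SAMPLE = "\r".join([  # constructed report; labels and values are invented
    "MSH|^~\\&|PUMP_GW|WARD4|INVENTORY|HOSP|20260301120000||ORU^R01|MSG0001|P|2.6",
    "OBX|1|ST|MODEL|1.0.0.0|PCU-X",
    "OBX|2|ST|SERIAL|1.0.0.0|SN-PCU-001",
    "OBX|3|ST|SW_VERSION|1.0.0.0|12.1.2",
    "OBX|4|ST|MODEL|1.1.0.0|PUMP-MOD",
    "OBX|5|ST|SERIAL|1.1.0.0|SN-MOD-101",
    "OBX|6|ST|SW_VERSION|1.1.0.0|9.33.0",
    "OBX|7|ST|MODEL|1.2.0.0|SYRINGE-MOD",
    "OBX|8|ST|SERIAL|1.2.0.0|SN-MOD-202",
    "OBX|9|ST|SW_VERSION|1.2.0.0|9.4.1",
])
BASELINE = {"PCU-X": "12.1.2", "PUMP-MOD": "9.33.0", "SYRINGE-MOD": "9.33.0"}  # assumed policy
PATIENT_SEGMENTS = {"PID", "PV1", "NK1", "IN1"}  # HL7v2 segments that carry patient data

def parse_report(message):
    """Map each OBX-4 sub-ID to its reported attributes; refuse patient segments."""
    units = {}
    for segment in filter(None, message.split("\r")):
        fields = segment.split("|")
        if fields[0] in PATIENT_SEGMENTS:
            raise ValueError("patient segment in device report: " + fields[0])
        if fields[0] == "OBX" and len(fields) > 5:
            units.setdefault(fields[4], {})[fields[3].split("^")[0]] = fields[5]
    return units

def build_inventory(units):
    """Group modules under their PCU using the first sub-ID component (assumed layout)."""
    inventory = {}
    for sub_id, attrs in sorted(units.items()):
        top, *rest = sub_id.split(".")
        entry = inventory.setdefault(top, {"pcu": None, "modules": []})
        if all(part == "0" for part in rest):
            entry["pcu"] = attrs
        else:
            entry["modules"].append(attrs)
    return inventory

def as_tuple(version):  # numeric compare: as strings, "9.4.1" sorts above "9.33.0"
    return tuple(int(part) for part in version.split("."))

def below_baseline(inventory, baseline=BASELINE):
    """Return serial numbers of units running software older than the baseline."""
    units = [u for e in inventory.values() for u in [e["pcu"], *e["modules"]] if u]
    return [u.get("SERIAL", "unknown") for u in units
            if u.get("MODEL") in baseline
            and as_tuple(u.get("SW_VERSION", "0")) < as_tuple(baseline[u["MODEL"]])]
```

Rejecting any report that contains a patient segment turns the "no PHI" property into something the receiver enforces rather than assumes.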
Infusion systems are not the exception. They’re an early example of a broader directional change:
As medical device manufacturers encrypt more communications to meet evolving security and privacy expectations, healthcare security programs must evolve their visibility strategy, from passive discovery to secure interoperability, continuous inventory, and risk-aware monitoring.
This isn’t just a technical shift. It’s a programmatic shift.
Encryption is the right strategy for protecting ePHI. But visibility must evolve alongside it, or security teams will achieve protection of data in flight at the cost of losing the baseline medical device visibility essential for risk reduction and effective clinical operations.
This is how we resolve the paradox: the future of medical device cybersecurity is about building secure interoperability that provides device identity, context, and continuous risk insight, even as traffic becomes opaque. Visibility and strong encryption can coexist, and Claroty is leading the charge to rethink how to achieve it.