A recent report highlights the security challenges and spending trends among healthcare cybersecurity leaders. Based on a survey of over 600 healthcare IT decision-makers involved in medical device procurement, the findings reveal that 22% have faced cyberattacks specifically targeting their organizations’ medical devices.
A new report sheds light on the cybersecurity challenges and spending behaviors among healthcare IT leaders. Based on a survey of over 600 healthcare IT decision-makers involved in medical device procurement, the study found that 22% had experienced cyberattacks targeting their organization’s medical devices—and of those, 75% reported that the incidents directly compromised patient care.
Why It Matters:
A significant number of respondents expressed a lack of confidence in their organization’s ability to protect medical devices from cyber threats. This concern is so pronounced that 46% admitted to having declined to purchase certain devices due to security fears, according to McLean, Virginia-based Runsafe Security, which commissioned the study.
The 2025 Medical Device Cybersecurity Index, released on Thursday, is based on research involving IT professionals from both the U.S. and internationally who have direct knowledge of medical device security. According to researchers, the findings highlight a troubling trend regarding the vulnerability of diagnostic, treatment, and monitoring devices critical to patient care.
“While electronic health records (EHR) systems had the highest compromise rate at 52%, cyber attackers are increasingly shifting focus from data theft to disrupting operations,” the report states. This includes deliberate attacks on life-sustaining medical devices that directly interact with patients.
Attackers are intentionally targeting mission-critical infrastructure, including the software and firmware within medical devices and health IT applications, aiming for maximum disruption—even at the cost of patient lives.
Over the past year, one-third of surveyed organizations reported experiencing ransomware attacks aimed at crippling device operations. Malware infections (51%) and network intrusions (44%) were also cited as the most common methods used by cybercriminals.
These threats have forced many healthcare systems to isolate devices, quarantine systems from networks, and prioritize security features built into devices to reduce the need for post-deployment patching.
Among organizations that reported medical device compromises:
43% experienced 1–4 hours of downtime
31% faced outages lasting 5–12 hours
19% suffered device outages exceeding 13 hours
Researchers also emphasized the rising importance of software bills of materials (SBOMs) in procurement decisions, with 78% of respondents rating them as “essential” or “important.”
Additionally, 79% of device buyers expressed a willingness to pay more for advanced runtime protection or built-in exploit prevention capabilities.
The Broader Trend:
There is growing demand across the healthcare sector for collective action to address vulnerabilities exploited by advanced persistent threat actors. However, progress on industry-wide efforts—such as implementing SBOMs—has been slow, despite a surge in cyberattack activity in recent years.
SBOMs are vital tools for helping enterprise IT teams assess and monitor the software components used in medical devices. Darren Lacey, former Chief Information Security Officer at Johns Hopkins, previously noted that understanding underlying technologies is essential for evaluating new tools, such as large language models, and developing appropriate testing protocols.
Expert Insight:
“With healthcare buyers now willing to pay a premium for enhanced security features, medical device manufacturers have a clear economic incentive to invest more in cybersecurity innovation,” researchers concluded. “This shift could help elevate the overall security baseline across the industry.”
