#USA #Medical Devices #McLean #RunSafe Security #Cybersecurity Index

Medical Device Cybersecurity Index 2025

As cyber threats loom larger in the healthcare sector, a recent report from RunSafe Security has shed light on how vulnerable medical devices are becoming. Released on June 18, 2025, the 2025 Medical Device Cybersecurity Index indicates that a startling 22% of healthcare organizations have been the victims of cyberattacks that directly compromised their medical devices. This statistic marks a significant shift in the perception of cybersecurity from being a mere IT issue to a fundamental component of patient safety.

Key Findings from the Index

The report is based on a comprehensive survey of 605 healthcare executives across the United States, the United Kingdom, and Germany. Notably, 35% of these organizations have identified operational technology (OT)—which encompasses various medical devices—as their most pressing cybersecurity concern. This is a stark contrast to prior years when information technology (IT) systems were the main focus of cybersecurity efforts.

As hospitals transition towards digital infrastructures, integrating everything from infusion pumps to imaging equipment, the risks of exposure multiply. The FBI's Cyber Division has reported alarming figures: 53% of networked medical devices have at least one identified critical vulnerability. In 2024, the healthcare sector was subjected to more cyber threats than any other vital industry.

The repercussions of these cybersecurity breaches can be dire; up to 46% of healthcare organizations that faced incidents reported the necessity for manual operations to maintain services, while others suffered delayed medical procedures and extended patient stays due to system failures. 43% of affected organizations experienced up to 4 hours of downtime and 31% saw disruptions lasting up to 12 hours, which can be catastrophic in patient care scenarios.

Procurement Transformation

The landscape of procurement is also evolving. The study reveals that 83% of healthcare organizations now embed cybersecurity standards directly into their requests for proposals (RFPs) for medical devices. Alarmingly, 46% have opted against purchasing certain devices because of cybersecurity risks. Furthermore, 73% of the participants noted that new FDA guidelines and EU cybersecurity regulations significantly affect their procurement strategies.

Despite these changes, the confidence in handling these threats remains worryingly low: only 17% of organizations feel highly confident in their ability to detect and respond to cybersecurity attacks on medical devices.

Willingness to Invest in Security

On a more positive note, 79% of executives expressed their readiness to invest more in medical devices that offer advanced runtime protection or built-in prevention features, with 41% indicating a willingness to pay up to 15% more for such enhancements.

Transparency and Security Standards

Additionally, 78% of healthcare providers consider having Software Bills of Materials (SBOMs) as critical or highly significant when making procurement decisions. The index also highlights increasing cyber threats targeting critical infrastructure, with malware infections and network intrusions being the primary avenues through which these attacks are executed. Notably, 51% of organizations reported incidents related to malware, while 44% faced network breaches, with some specifically experiencing ransomware designed to paralyze device operations.

Conclusion

This report sends a resounding message to the healthcare sector: cybersecurity for medical devices is no longer a checkbox on a compliance list; it is a crucial aspect that can directly impact patient care and safety. As emphasized by Joe Saunders, the CEO of RunSafe Security, the future of healthcare cybersecurity necessitates a fundamental reevaluation of how medical devices are assessed, procured, and utilized.

With the potential for life-or-death scenarios arising from system failures due to cyber threats, healthcare organizations are urged to prioritize robust cybersecurity measures. For full insights and data on this crucial issue, the complete RunSafe Security 2025 Medical Device Cybersecurity Index is available for download.