
A new report from Runsafe Security highlights how medical device cybersecurity has shifted from a traditional IT issue to a critical patient safety concern. The survey of 605 healthcare executives reveals that 22 percent of healthcare organizations experienced cyberattacks targeting medical devices, with 75 percent of those incidents directly affecting patient care. About 35 percent now identify OT (operational technology) systems like medical devices as their biggest cybersecurity concern.
Cybersecurity is now influencing procurement decisions, as 46 percent of respondents have declined to purchase devices due to security concerns, while 79 percent are willing to pay premium prices for devices with advanced security features. Notably, 35 percent of healthcare leaders now identify medical devices as their top cybersecurity concern.
The findings show that 75 percent of organizations have increased their medical device and OT security budgets over the past 12 months. Seventy-nine percent are willing to pay a premium for devices with advanced runtime protection or built-in exploit prevention. At the same time, 46 percent have declined medical device purchases due to cybersecurity concerns. The research clearly underscores how rising cyber risks are reshaping budget priorities and influencing clinical decision-making across the healthcare ecosystem.
Runsafe reported that the continued blurring of the traditional boundaries between IT and OT is causing a shift in security mindset. While 65 percent of healthcare organizations remain more concerned about IT vulnerabilities, 35 percent now identify OT systems like connected medical devices as their biggest cybersecurity concern. Real-world attacks are likely driving these concerns.
“But the interconnected nature of modern healthcare networks means IT and OT vulnerabilities are no longer isolated risks,” the report added. “Medical devices are increasingly operating on the same networks as traditional IT systems, sharing data with electronic health records, and connecting to hospital Wi-Fi networks. This convergence creates new attack pathways that allow cybercriminals to exploit traditional IT vulnerabilities, such as compromised email systems or network credentials, and gain access to medical devices.”
The 2017 WannaCry attack is a perfect example of this. WannaCry spread through network connections using the ‘EternalBlue’ exploit that targeted a vulnerability in Microsoft Windows systems. The ransomware used lateral movement techniques to spread from infected IT systems to connected medical devices.
Additionally, a 2021 ransomware attack on the IT systems of Ireland’s Health Service Executive (HSE) disrupted radiology systems nationwide, forcing staff to cancel CT scans and other critical imaging procedures. This interconnectedness means that even a successful phishing attack on a hospital employee’s laptop can provide attackers with network access, enabling them to discover and target connected infusion pumps, patient monitors, and other critical devices.
The report noted that the convergence of IT and OT security is putting medical devices at the center of cybersecurity strategy. Healthcare organizations can no longer protect medical devices in isolation. Securing patient-critical systems now requires defending the entire interconnected ecosystem.
Runsafe identified that the theoretical risks of medical device cybersecurity have become a stark reality for healthcare organizations across the U.S. and Europe. “Our findings reveal that 22% of healthcare organizations have experienced medical devices being compromised by cyberattacks or exploited vulnerabilities, resulting in significant consequences for patient care and operational continuity.”
The fact that nearly half of the affected organizations had to revert to manual processes highlights how dependent modern healthcare has become on connected systems. Moreover, the fact that almost a quarter required patient transfers demonstrates the severity of these incidents and their potential to cascade beyond individual facilities. Of course, when cyberattacks cause downtime, the decision to transfer patients is often the difference between life and death.
Among organizations that experienced compromised medical devices, Runsafe found that 43 percent reported one to four hours of downtime. Another 31 percent faced disruptions lasting five to twelve hours, while 19 percent dealt with outages exceeding thirteen hours. Seven percent reported device unavailability that lasted more than three days. These extended outages push healthcare providers into crisis mode, forcing reliance on backup procedures that are often less accurate and more time-consuming, and that potentially compromise the quality of patient care.
Even if medical devices are not the point of breach, they are being hindered by cybersecurity attacks. Healthcare organizations can no longer treat medical device cybersecurity as a future concern. These attacks are disrupting patient care today and forcing providers to make life-or-death decisions about transferring patients when critical systems fail.
The survey data reveals a troubling pattern, where cybercriminals are targeting the very systems healthcare providers depend on most for patient diagnosis, treatment, and monitoring. “While electronic health records systems experienced the highest rate of compromise at 52%, many cyber attackers have moved beyond data theft to operational disruption. This includes the direct targeting of critical medical devices that come into contact with patients and sustain life.”
Indeed, Runsafe added that these incidents demonstrate sophisticated targeting of mission-critical infrastructure. “When a patient monitoring device fails in an ICU or an infusion pump stops working during chemotherapy treatment, the consequences are immediate and potentially fatal. In other words, attackers understand healthcare’s operational vulnerabilities and are exploiting them for maximum impact.”
As cybercriminals target medical infrastructure, malware infections (51 percent) and network intrusions (44 percent) are the primary weapons, forcing healthcare organizations to quarantine critical devices and isolate entire systems from their networks. More than a third of organizations experienced ransomware specifically designed to disrupt device operations, turning patient care into a hostage situation where lives hang in the balance of ransom payments.
Headquartered in McLean, Virginia, Runsafe also highlighted that the 26 percent rate of supply chain compromises is concerning, as these attacks can affect multiple healthcare organizations simultaneously and are often harder to detect until widespread damage has occurred.
The report identified that healthcare organizations recognize the threat to their OT environments and are investing accordingly, but current security approaches aren’t delivering the confidence levels needed to protect patient-critical systems. This gap is driving buyers to demand built-in security from manufacturers rather than relying on post-deployment fixes.
Additionally, vendors without built-in protections risk disqualification. Cybersecurity has become a gatekeeper to market access, with procurement processes now serving as the first line of defense against vulnerable devices entering healthcare environments. The report recognized that healthcare buyers are demanding transparency through SBOMs (Software Bills of Materials) and resilience through built-in protections. These requirements are rapidly evolving from competitive differentiators to baseline expectations, creating a new standard for what constitutes an acceptable medical device in the cybersecurity era.
In conclusion, the Runsafe report recognized that cybersecurity has become a core pillar of patient safety and healthcare operations, no longer confined to the IT domain. Medical device security now directly affects procurement decisions, regulatory compliance, and clinical continuity. In some cases, cyberattacks have forced hospitals to cancel surgeries or divert ambulances, highlighting the real-world impact of security failures.
The healthcare industry is undergoing a major shift. Forty-six percent of organizations have declined device purchases due to cybersecurity concerns. SBOMs are no longer optional; they are mandatory. Buyers are showing a clear willingness to pay more for devices with advanced, built-in protections.
For medical device manufacturers, this is both a warning and an opportunity. Those who prioritize transparency, implement strong runtime defenses, and manage vulnerabilities proactively are positioned to lead. Those who fail to embed cybersecurity from the start risk regulatory pushback and losing access to a market that now demands security as a baseline requirement.
Lastly, the convergence of IT and OT security, combined with unprecedented regulatory oversight and buyer sophistication, has created a new competitive landscape. Cybersecurity excellence now serves as the foundation upon which trust, market access, and patient safety are built.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.