Guarding Connected Care: Cyber Security for Medical Devices in 2025

Summary: Internet-connected medical equipment – from infusion pumps to implantable cardiac devices – now underpins modern diagnosis and therapy. Yet, a surge in ransomware, data-stealing malware, and remotely exploitable flaws shows that patient safety is increasingly intertwined with cybersecurity. This article explains why medical devices are targeted, reviews the most recent attacks and vulnerability alerts, and outlines practical steps that regulators, hospitals, clinicians, manufacturers, and patients can take to keep care connected and secure.

Keywords: cyber security; medical devices; ransomware; IoMT; patient safety; healthcare.

Connected Equipment, Connected Risk

Healthcare has undergone a rapid digital transformation, embracing the Internet of Medical Things (IoMT): a web of interconnected diagnostic and therapeutic devices, including monitors, wearables, infusion pumps, imaging platforms and even implantables. These tools can share data in real-time, enabling faster and more personalised treatment. However, this connectivity also increases exposure to cyber threats.

Many hospitals today operate tens of thousands of network-connected medical devices, many of which run on outdated operating systems or use insecure communication protocols. When coupled with flat, unsegmented networks, this environment enables a single compromised device to serve as a stepping stone for broader network intrusions, including access to critical systems such as electronic health records (EHRs).

Why Attackers Choose Medical Targets

While the theft of sensitive patient records is certainly lucrative, with stolen health records fetching a premium on the dark web, cyber criminals have increasingly identified healthcare as a high-pressure target for extortion. Ransomware actors know that delays in treatment can have life-or-death consequences, making hospitals more likely to pay quickly to restore access to data or systems.

Indeed, healthcare organisations suffer the highest rate of successful cyber attacks among all sectors. In 2024, over 80% of healthcare providers worldwide reported at least one successful cyber breach, marking the highest level ever recorded. These attacks are not only financially costly but also threaten patient safety and disrupt clinical services, sometimes simultaneously across multiple sites.

Ransomware is not the only danger. Attackers also exploit weak device configurations, known vulnerabilities and exposed remote access interfaces to manipulate treatment settings or harvest clinical data.

Recent Incidents and Vulnerability Alerts (2024–2025)

| Date | Incident | Patient Impact |
|---|---|---|
| 7–8 May 2024 | Ransomware attack on Ascension (US, 140 hospitals) | 5.6 million patient and insurance records exposed; clinical operations disrupted |
| 27 Jan 2025 | Frederick Health ransomware breach | 934,000 patient files stolen (NHS numbers, clinical notes); disclosed in April 2025 |
| 30 Jan 2025 | FDA safety alert (Contec CMS8000 & Epsimed MN-120 monitors) | Devices vulnerable to unauthorised remote access and data leakage |
| Q4 2024 | Baxter Connex Health Portal flaw (CVE-2024-6796) | Score 8.2: Unauthorised access to clinical dashboards is possible |

These incidents illustrate two worrying trends. First, ransomware remains a rapid route to criminal profit, with actors targeting operational continuity. Second, vulnerabilities in standalone medical devices allow attackers to exfiltrate sensitive data or tamper with therapy, even without deploying ransomware.

A Shifting Regulatory Landscape

Governments and regulators are beginning to catch up with the cyber security implications of connected care. In the United States, the Food and Drug Administration (FDA) published new guidance in 2023 requiring that all pre-market submissions include a Software Bill of Materials (SBOM) and a long-term patch management plan.

In the UK, the Medicines and Healthcare products Regulatory Agency (MHRA) announced in December 2024 that cyber security-specific guidance for Software as a Medical Device (SaMD) will be released in 2025. This forms part of a broader reform agenda targeting post-market surveillance and risk management.

The forthcoming EU Cyber Resilience Act will apply similar requirements across Europe. Under this legislation, manufacturers who fail to incorporate secure-by-design practices will risk both reputational and commercial damage. Market access will hinge on the ability to demonstrate resilience against cyber threats throughout a device’s operational life.

Cyber Defence Across the Device Lifecycle

Cyber security cannot be bolted on as an afterthought; it must be embedded throughout the design, deployment, and maintenance phases of medical devices. A lifecycle approach to defence includes:

Design & Manufacture

  • Integrate threat modelling into the early stages of product development.
  • Eliminate default passwords and weak access control mechanisms.
  • Ship an SBOM (Software Bill of Materials) with every device to help hospitals identify vulnerable libraries when new CVEs (Common Vulnerabilities and Exposures) are announced.
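
As an added illustration (not code from the article or from any vendor), the sketch below shows how a hospital could match a device SBOM against newly announced advisories. The CycloneDX-style SBOM, the component list, the advisory records and their placeholder IDs are all constructed sample data, and the version ordering is a simplification.

```python
import json
import re

# Constructed CycloneDX-style SBOM for a hypothetical device (sample data).
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
   {"type": "library", "name": "openssl", "version": "1.1.1k"},
   {"type": "library", "name": "zlib", "version": "1.3.1"},
   {"type": "library", "name": "busybox", "version": "1.31.0"},
   {"type": "library", "name": "vendor-rtos-net"}
 ]}
"""

# Constructed advisories; the IDs are placeholders, not real CVE numbers.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-1", "component": "openssl", "introduced": "1.1.1", "fixed": "1.1.1w"},
    {"id": "CVE-PLACEHOLDER-2", "component": "zlib", "introduced": "1.2.0", "fixed": "1.3.1"},
    {"id": "CVE-PLACEHOLDER-3", "component": "vendor-rtos-net", "introduced": "2.0", "fixed": "2.4"},
]


def version_key(version):
    """Simplified ordering: numeric runs compare as ints, letter runs as text."""
    tokens = re.findall(r"\d+|[a-z]+", version.lower())
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in tokens)


def match_sbom(sbom, advisories):
    """Return (affected, unverifiable) lists of (advisory id, name, version)."""
    affected, unverifiable = [], []
    # Assumes one entry per component name; a real SBOM may list duplicates.
    by_name = {c["name"].lower(): c for c in sbom.get("components", [])}
    for adv in advisories:
        comp = by_name.get(adv["component"].lower())
        if comp is None:
            continue  # component not shipped in this device
        version = comp.get("version")
        if not version:
            # No version recorded: the device cannot be ruled out, so escalate.
            unverifiable.append((adv["id"], comp["name"], None))
        elif version_key(adv["introduced"]) <= version_key(version) < version_key(adv["fixed"]):
            affected.append((adv["id"], comp["name"], version))
    return affected, unverifiable


if __name__ == "__main__":
    hits, unknown = match_sbom(json.loads(SBOM_JSON), ADVISORIES)
    print("affected:", hits)
    print("needs manual check:", unknown)
```

A component listed without a version is reported for manual follow-up rather than skipped, because an incomplete SBOM cannot clear a device.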

Deployment

  • Isolate clinical networks to prevent lateral movement. For example, MRI machines should not share the same network space as hospital guest Wi-Fi.
  • Apply multi-factor authentication to all remote access points, including maintenance and diagnostic portals.

Maintenance

  • Apply security patches within timeframes that reflect the risk of known vulnerabilities. Alarmingly, in 2024, unpatched infusion pumps still accounted for over 70% of devices across surveyed hospitals.
  • Implement centralised log monitoring to identify irregular commands or data transmissions.

Decommissioning

  • Before devices are resold, recycled or scrapped, all stored data must be securely wiped.
  • Certificates and cryptographic keys should be revoked to prevent future misuse.

Clinicians and Patients: What Can Be Done Today?

Frontline staff and patients play a crucial role in detecting and preventing cyber risks. Several immediate steps can enhance safety:

  • Verify firmware: Before surgery or routine check-ups, request that biomedical engineers confirm that implants and surgical equipment are using the latest software versions.
  • Disable unneeded connectivity: The FDA advises that internet connectivity should be disabled for patient monitors, such as the Contec CMS8000, unless remote access is essential.
  • Report anomalies: If devices reboot unexpectedly, display false alarms, or provide inconsistent vital signs, these could indicate a compromise. NHS staff should escalate through Cyber Operational Pressures Escalation (COPE); patients can report via the MHRA Yellow Card app.
  • Use strong authentication: Avoid shared logins on wards. Clinicians should adopt password managers or physical security tokens to mitigate phishing attacks.
  • Stay updated: Sign up for NHS Digital’s Cyber Alert service or the US CISA ICS-Medical Advisories to remain informed of emerging threats and new patches.

Suppliers and Managed Service Providers: Contracting for Security

Modern healthcare often relies on third-party vendors for tasks such as imaging archiving, cloud analytics, and remote monitoring. Contracts should explicitly mandate robust security standards:

  • Compliance frameworks: Require ISO 27001 certification or adherence to the NHS Data Security and Protection Toolkit.
  • Round-the-clock protection: 24/7 Security Operations Centre (SOC) monitoring should be a baseline expectation.
  • Disaster readiness: Vendors should participate in tabletop exercises that simulate ransomware incidents and test recovery plans, including manual workarounds for critical equipment such as ventilators and infusion pumps.

Proactive Defence Through Artificial Intelligence

Cyber defence is shifting from reactive to proactive thanks to artificial intelligence. Machine learning models can now detect anomalies in real time by analysing device telemetry, log data, and network behaviour. For instance, a pacemaker transmitting data outside of expected hours may trigger an automated alert.

However, effective AI requires good data. Hospitals must ensure that logs are accurate, timestamped and collected from every device. Without this foundation, AI tools may miss critical warning signs.
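
The added example below (not part of the original article) is a rule-based stand-in for the anomaly detection described above, not a machine learning model: it flags transmissions outside a device's expected hours and also reports the log-quality gaps that would blind any detector. The device names, expected windows and log line format are assumptions, and the log lines are constructed.

```python
from datetime import datetime

# Hypothetical inventory: device id -> (start_hour, end_hour) in UTC during
# which transmission is expected. Windows crossing midnight are not handled.
EXPECTED_WINDOWS = {
    "pacemaker-017": (6, 22),
    "pump-203": (0, 24),
    "monitor-555": (0, 24),
}

# Constructed log lines in an assumed "<ISO-8601 UTC> <device> TX bytes=<n>" format.
SAMPLE_LOG = """\
2025-03-02T09:15:00Z pacemaker-017 TX bytes=2048
2025-03-02T02:14:07Z pacemaker-017 TX bytes=4096
2025-03-02T03:00:00Z pump-203 TX bytes=512
- pump-203 TX bytes=512
2025-03-02T04:00:00Z unknown-9 TX bytes=100
"""


def analyse(log_text, windows):
    """Return a list of (alert_type, line_number, detail) tuples."""
    alerts, seen = [], set()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3:
            alerts.append(("malformed", lineno, line))
            continue
        stamp, device = parts[0], parts[1]
        try:
            ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            # An untimestamped event cannot be placed in any window.
            alerts.append(("bad_timestamp", lineno, device))
            continue
        if device not in windows:
            alerts.append(("unknown_device", lineno, device))
            continue
        seen.add(device)
        start, end = windows[device]
        if not (start <= ts.hour < end):
            alerts.append(("outside_window", lineno, device))
    # Inventoried devices with no usable log lines are a coverage gap.
    alerts += [("no_logs", 0, d) for d in sorted(set(windows) - seen)]
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG, EXPECTED_WINDOWS):
        print(alert)
```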

Looking ahead, advances such as confidential computing may soon enable implantable devices to accept cryptographically verified firmware updates, without revealing source code to potentially untrusted intermediaries. Meanwhile, research into quantum-resilient encryption is beginning to show promise for safeguarding sensitive implant data well beyond the current decade.

Security as a Clinical Priority

Cybercriminals now understand that healthcare is uniquely vulnerable. They exploit this fact with ransomware, data theft and device manipulation that directly affects patients. At the same time, the increasing digitisation of care offers real-time visibility, faster patching, and the potential for collaborative defence.

Healthcare providers must stop viewing cyber security as an IT issue. It is a core component of patient safety – no less important than hand hygiene or device sterilisation. Every actor in the system, from manufacturers to frontline clinicians, plays a role in making connected care both effective and safe.

By integrating security into every stage of the medical device lifecycle – from design and regulation to day-to-day clinical use – we can ensure that the connected future of healthcare is not only smart but secure.

Disclaimer
The information provided in Guarding Connected Care: Cyber Security for Medical Devices in 2025 is intended for general informational purposes only. While every effort has been made to ensure the accuracy and relevance of the content as of the publication date (15 June 2025), Open Medscience makes no guarantees or warranties, express or implied, regarding the completeness, accuracy, reliability, or suitability of the information contained herein.

This article does not constitute professional, legal, regulatory, or medical advice. Readers are advised to consult qualified professionals or relevant regulatory bodies before making decisions based on the topics discussed.

References to specific organisations, cyber incidents, product vulnerabilities, or regulatory developments – including those listed in the table of recent events – are provided for illustrative and educational purposes only. They do not imply endorsement, affiliation, or fault, and are based on publicly available information at the time of writing.

Cyber security threats evolve rapidly. Open Medscience does not accept any liability for loss, damage, or disruption caused by errors or omissions, or by the use or reliance on the material provided. Any actions taken based on the information in this article are done so at the reader’s own risk.

For the most up-to-date guidance on cyber security in medical technology, please consult official sources such as national regulatory authorities, cybersecurity centres, and medical device manufacturers.
