Do Cyberattacks on Medical Devices Impact Patient Outcomes?
Cybersecurity incidents affecting medical devices can disrupt clinical workflows and delay care, with potentially serious consequences. Englert points to ransomware attacks that have interfered with hospital operations and reduced access to critical systems.
“We’ve seen the real impact on patient safety and availability to deliver care,” Englert says. “It’s about device availability and access to the data those devices generate.”
In ransomware scenarios, even temporary loss of system access can disrupt diagnostic and treatment processes, forcing hospitals to divert patients or delay procedures.
That reality has elevated medical device cybersecurity from a compliance issue to a clinical imperative.
How Can Healthcare Organizations Secure Legacy Medical Devices?
One of the biggest challenges healthcare organizations face is securing legacy medical devices that were not designed with modern cybersecurity protections. These systems often remain in service for years or even decades, creating persistent risk exposure.
“Those legacy device risks were always there, whether we knew about them or not,” Englert says.
Healthcare providers are increasingly deploying new tools and strategies to mitigate those risks without immediately replacing costly equipment. Passive monitoring systems, for example, can identify and track medical devices across hospital networks.
“These tools help classify devices, understand inventory and recognize unexpected traffic,” Englert says.
DISCOVER: Zero trust stands as a secure foundation for healthcare’s IoMT devices.
Network segmentation is another critical safeguard, helping contain potential cyber incidents and preventing attackers from moving freely within hospital environments.
“If one area is impacted, we can limit the blast radius,” Englert says.
Healthcare organizations are also implementing stricter configuration controls and removing unnecessary data from devices.
“Many groups delete unnecessary data so that if a device is accessed, the amount of data exposed is limited,” Englert says.
How Can Vendors and Providers Coordinate Security?
Medical device cybersecurity requires close coordination between healthcare providers and manufacturers. Both parties share responsibility for maintaining device security throughout its lifecycle.
“We realize this is a shared responsibility where we understand what you’re responsible for and you understand what we’re responsible for,” Englert says.
Industry initiatives such as standardized contract language frameworks are helping clarify security expectations and accelerate incident response. These efforts strengthen collaboration and ensure both providers and vendors remain accountable for maintaining device security.
“Developing that rapport and rebuilding that trust improves our ability to detect and recover much more quicky,” Englert says.
Click the banner below to sign up for HealthTech’s weekly newsletter.
