A Quarter of Healthcare Organizations Report Medical Device Attacks
A Quarter of Healthcare Organizations Report Medical Device Attacks
https://www.infosecurity-magazine.com/news/quarter-healthcare-medical-device/
Publish Date: 2026-04-29 06:05:00
Source Domain: www.infosecurity-magazine.com
One-in-four (24%) healthcare organizations (HCOs) experienced cyber-attacks impacting medical devices over the past year, causing potentially significant disruption to patient care, according to RunSafe Security.
The security vendor polled 551 healthcare professionals across the US, UK and Germany to produce its 2026 Medical Device Cybersecurity Index.
It revealed that, in 80% of cases, attacks affecting devices had a “moderate” or “significant” impact on patients.
This could range from delayed imaging and postponed procedures to interruptions to critical care delivery, RunSafe claimed.
Read more on medical devices: Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices
Cybersecurity is increasingly being integrated into procurement and operations. Some 82% of respondents said they have deployed or are actively piloting runtime exploit protection, 84% said they include cyber in vendor RFPs, and 76% that they would pay extra for advanced protection.
However, legacy equipment continues to expose many HCOs.
Over two-fifths (44%) of responding organizations said they use devices with known, unpatched vulnerabilities, and 28% admit operating devices past end-of-support.
Medical Device Manufacturers Hit by Major Cyber-Attacks
The findings come as device manufacturers themselves come under attack.
This week, US giant Medtronic admitted suffering a data security incident after notorious extortion group ShinyHunters listed the firm on its leak site in mid-April.
The threat actors claimed to have exfiltrated more than nine million records containing personal information, alongside large volumes of internal corporate data.
Separately, Fortune 500 medical technology vendor Stryker was impacted in March when the Iranian-sponsored Handala group wiped tens of thousands of corporate devices after accessing an Intune admin account.
“The findings land against a backdrop of large-scale healthcare cyber incidents that have disrupted care…
