Blindly deploying vendor patches can sideline critical devices and jeopardize patient safety.

By Christian Espinosa, CEO & Founder of Blue Goat Cyber

Hospitals today are more connected than ever. With the explosion of IoMT-enabled devices, healthcare delivery has become smarter and more efficient. But there’s an inherent risk that needs greater awareness: vendor-issued software or firmware updates that unexpectedly knock devices offline. 

I’ve seen “routine” patches sideline critical equipment for days, leaving healthcare technology management (HTM) professionals in crisis mode trying to fix issues they didn’t cause. Rolling out vendor patches without testing isn’t just risky; it’s gambling with patient safety.

Cybersecurity and patient safety are intrinsically linked. By leaving a device unpatched, you’re opening yourself up to attacks. However, deploying a bad patch risks the same outcome: harm to patients. HTM professionals sit at the center of this balancing act. They must make sure devices are secure and available when lives depend on them.

The key is that vendor patches can’t be blindly trusted. Patches are supposed to fix problems, but in healthcare, I’ve witnessed them creating new ones. A hospital I’ve worked with once pushed out a vendor patch to infusion pumps without testing; they just installed the new patch. Within a day, dozens of pumps started displaying error codes. As a result, nurses had to roll back to manual workflows, treatments slowed, and the HTM team spent days troubleshooting, all while patient care hung in the balance.

Ultimately, an update that disables alarms or corrupts device data is just as dangerous as a cyberattack, and blind trust in vendor updates has consequences. However, there are a number of things HTM teams can do to avoid these issues.

Pre-Testing Protocols

The first fix is simple in concept: Build a culture of “trust but verify.” Every update is a potential risk event and should be treated not as routine maintenance but as a safety check. Even with limited in-house resources, creating a small sandbox or digital twin environment will help you avoid the pitfalls of pushing vendor updates directly to your live systems.

I recommend developing a repeatable checklist for updates that ensures critical functions still work after the patch. Also, ensure you have a rollback plan in place. If a patch fails, you must be able to quickly restore the prior version, rather than waiting on the vendor while devices sit offline.

Best Practice for HTM–IT Collaboration

Smart devices operate in two worlds: On the one hand, they are medical equipment, and on the other, they are networked systems. That means IT and HTM teams can’t afford to operate in silos. Too often, updates gone wrong become a blame game when, in reality, there was likely a communication breakdown. 

The most successful hospitals establish joint protocols for patch testing and deployment, maintain a single device inventory that both teams can access, and hold regular cross-department meetings to stay aligned. Using shared frameworks, such as the NIST Cybersecurity Framework or the US Food and Drug Administration’s Secure Product Development Framework, gives HTM and IT teams a common language to work with. 

I’ve seen firsthand that when IT and HTM actually collaborate, device downtime decreases, and patient safety improves.

Advocating for Safer Vendor Protocols

But hospitals can’t be expected to carry this burden alone. Instead, vendors must step up and do better. Too often, vendors rush out new patches with little transparency for HTM professionals, and hospitals end up absorbing the risks. A “just trust us” culture doesn’t cut it when, ultimately, patients’ lives are on the line. 

As best practice, a safe vendor update process should include pre-release testing documentation, clear disclosure of potential vulnerabilities and any third-party components, as well as practical rollback guidance with responsive support in case of any issues. If your vendor isn’t providing these things, push back and ask questions. Make it part of your contracts, and demand better.

So, what can HTM teams do right now? Start by establishing an updated governance process that clearly documents the testing, validation, and deployment of patches. Secondly, keep your IoMT inventory current so you know what’s in play and what versions are running. Thirdly, develop downtime workflows that allow patient care to continue if a device goes offline unexpectedly. Investing in testing infrastructure, even modest infrastructure, is key here; down the line, it will save more than it costs. Finally, advocate for accountability, both within your hospital and across the industry.

About the author: Christian Espinosa is the founder and CEO of Blue Goat Cyber, specializing in medical device cybersecurity and regulatory compliance. He has over 10 years of experience in medtech and more than 30 years in cybersecurity, helping medical device manufacturers and healthcare providers strengthen defenses against evolving cyber and operational risks.
