New research finds 24% of healthcare organizations report cyberattacks affecting medical devices, with 80% impacting patient care, as cybersecurity becomes a core requirement in medical device purchasing.
Approximately 24% of healthcare organizations have reported cyberattacks or exploited vulnerabilities involving medical devices, with 80% of those incidents resulting in disruptions to patient care, according to the 2026 Medical Device Cybersecurity Index from RunSafe Security.
The report, based on a survey of 551 healthcare professionals across the US, the UK, and Germany, indicates that cybersecurity is becoming a primary requirement in purchasing decisions. The data shows that 84% of organizations now include cybersecurity requirements in their procurement processes, and 56% have rejected devices due to security concerns, an increase from 46% in 2025.
Operational disruptions caused by these incidents include delayed imaging, postponed procedures, and interruptions in critical care delivery, according to the report.
“The findings land against a backdrop of large-scale healthcare cyber incidents that have disrupted care delivery and revenue flows, underscoring how quickly attacks on device-adjacent systems can translate into patient harm,” says Joseph M Saunders, founder and CEO of RunSafe Security, in a release. “Medical device cybersecurity is increasing in importance to healthcare buyers as they see it as a patient safety and regulatory imperative.”
Legacy Systems and Unpatched Vulnerabilities
Despite the shift toward stricter procurement, legacy infrastructure continues to introduce risk into clinical environments. The index found that 44% of organizations report using devices with known, unpatched vulnerabilities, and 28% operate equipment past its end-of-support date.
RunSafe Security notes that these legacy systems, combined with the rapid adoption of new technologies, create vulnerabilities faster than they can be mitigated. Even minor vulnerabilities in connected devices can lead to system-wide disruptions as these tools become more deeply embedded in clinical workflows.
The Impact of AI Adoption
The report also identifies a gap between the adoption of new technology and security readiness. While 57% of healthcare organizations now use AI-enabled or AI-assisted medical technologies, 80% of respondents expressed moderate to high concern regarding the cybersecurity risks associated with these systems.
This suggests that the adoption of AI is currently outpacing the implementation of risk mitigation strategies, according to the report.
As connected devices become central to patient outcomes in time-sensitive environments, the report emphasizes the need for proactive security throughout the medical device lifecycle to maintain clinical resilience.
