The healthcare cybersecurity landscape has reached a critical inflection point. RunSafe Security’s groundbreaking 2025 Medical Device Cybersecurity Index, released in June, delivers sobering statistics that should alarm every healthcare executive across Europe: 22% of healthcare organizations have experienced cyberattacks directly targeting medical devices. More disturbingly, three-quarters of these incidents disrupted patient care, with nearly a quarter requiring emergency patient transfers to other facilities.prnewswire+1 

This isn’t just another cybersecurity report—it’s a wake-up call that reveals how medical device vulnerabilities have evolved from theoretical IT concerns into immediate patient safety crises threatening the very foundation of modern healthcare delivery. 

The RunSafe Security 2025 Medical Device Cybersecurity Index: Unprecedented Healthcare Cyber Threat Data 

RunSafe Security surveyed 605 healthcare executives across the United States, United Kingdom, and Germany, uncovering trends that fundamentally challenge how the healthcare industry approaches cybersecurity attacks. The research reveals that healthcare cybersecurity has evolved from primarily an IT concern to a patient safety imperative driving procurement decisions and operational strategies.runsafesecurity 

The 22% Attack Reality: More Than Numbers 

The headline statistic—that more than one in five healthcare organizations experienced medical device cyberattacks—represents only the beginning of a more complex threat landscape. Among the organizations that reported incidents: 

• 75% experienced direct patient care disruption 

• 46% required manual processes to maintain operations 

• 44% reported delayed diagnoses or medical procedures 

• 44% documented extended patient hospital stays 

• 24% were forced to transfer patients to other facilitiesprnewswire+1 

These statistics paint a picture of healthcare systems pushed into crisis mode, where cyberangriffe (cyberattacks) force medical professionals to abandon digital workflows and revert to potentially less accurate, time-consuming manual processes. 

Operational Impact: When Digital Healthcare Fails 

The operational consequences extend far beyond temporary inconvenience. When medical device systems failed due to cyberattacks: 

• 43% of organizations experienced up to 4 hours of downtime 

• 31% faced between 4-12 hours without critical systems 

• 26% endured more than 12 hours of system unavailabilityrunsafesecurity+1 

During these extended outages, healthcare providers enter crisis mode, implementing backup procedures that may compromise the quality and speed of patient care. The research underscores how cybersecurity attacks now directly threaten the fundamental promise of modern healthcare: timely, accurate, life-saving treatment. 

European Healthcare Under Siege: A Regional Threat Assessment 

Germany’s Digital Healthcare Transformation at Risk 

Germany’s position as Europe’s largest healthcare market makes it particularly vulnerable to sophisticated cyberattack campaigns. The country’s ambitious digital health initiatives, including the nationwide rollout of electronic health records and the expansion of telemedicine services, have created an expansive attack surface that threat actors are increasingly targeting. 

German healthcare organizations face unique challenges due to their advanced medical device integration. The country’s world-renowned medical technology sector has produced highly sophisticated connected devices, but this technological advancement comes with corresponding security complexity. According to the RunSafe research, medical device manufacturers are struggling to balance innovation with security requirements, particularly as procurement teams increasingly prioritize cybersecurity in purchasing decisions.runsafesecurity 

United Kingdom’s NHS: A Prime Target 

The UK’s National Health Service represents one of the world’s largest integrated healthcare systems, making it an attractive target for nation-state actors and cybercriminal organizations. The NHS’s extensive digitization efforts, accelerated during the COVID-19 pandemic, have created millions of potential entry points for malicious actors. 

British healthcare executives report particular concern about medical device directive compliance and the intersection between cybersecurity requirements and patient safety regulations. The research indicates that UK organizations are among the most proactive in integrating cybersecurity standards into medical device procurement processes, with 89% of surveyed executives reporting that they now include security requirements in Request for Proposals (RFPs).prnewswire 

Continental Europe’s Fragmented Response 

Across continental Europe, healthcare cybersecurity approaches vary significantly by country, creating potential vulnerabilities in cross-border care coordination and data sharing. The European Union’s Medical Device Regulation (MDR) and upcoming Cyber Resilience Act are driving standardization efforts, but implementation remains inconsistent. 

French healthcare organizations report increasing concern about cyberattacks targeting critical care systems, while Italian hospitals struggle with legacy medical device infrastructure that lacks built-in security features. Netherlands-based healthcare systems, despite their advanced digital infrastructure, face sophisticated attack campaigns that exploit the interconnected nature of modern medical networks.veriti 

From IT to OT: The Fundamental Shift in Healthcare Cybersecurity Priorities 

The Operational Technology Revolution 

Perhaps the most significant finding from the RunSafe research is the fundamental shift in cybersecurity priorities. While 65% of healthcare organizations continue to focus primarily on traditional IT system vulnerabilities, 35% now identify Operational Technology (OT) systems like connected medical devices as their biggest cybersecurity concern.runsafesecurity 

This represents a seismic shift in healthcare risk management philosophy. Traditional IT security focused on protecting data and computational resources. OT security, by contrast, deals with systems that directly impact physical operations—in healthcare’s case, systems that directly affect patient diagnosis, treatment, and monitoring. 

Why Traditional IT Security Fails Medical Devices 

Medical devices present unique security challenges that traditional IT security approaches cannot adequately address: 

• Legacy Architecture Problems: Many medical devices run on proprietary operating systems or modified versions of older Windows installations that receive infrequent security updates. These systems were designed for reliability and regulatory compliance, not cybersecurity resilience.healthcareitnews 

• Air-Gap Myths: Healthcare organizations often assume that medical devices operate in isolated network segments, but modern healthcare networks are highly interconnected. Devices that appear isolated often maintain network connections for remote monitoring, software updates, or integration with electronic health records systems.linkedin 

• Network Segmentation Challenges: Implementing effective network segmentation in healthcare environments requires balancing security with clinical workflow requirements. Medical professionals need rapid access to patient data and device information, making aggressive network isolation impractical.prnewswire 

The Internet of Medical Things (IoMT) Attack Surface 

The proliferation of connected medical devices has created what cybersecurity researchers term the “Internet of Medical Things” (IoMT)—a vast network of interconnected medical equipment that spans everything from insulin pumps and cardiac monitors to MRI machines and surgical robots. 

According to FBI Cyber Division reports cited in the RunSafe research, 53% of networked medical devices contain at least one known critical vulnerability. These vulnerabilities create potential entry points for sophisticated attack campaigns designed to disrupt hospital operations, steal sensitive patient data, or compromise patient safety.prnewswire+1 

Device Categories Most Frequently Targeted: 

• Imaging systems (41% of incidents) 

• Patient monitoring devices (40%) 

• Laboratory/diagnostic equipment (34%) 

• Infusion pumps (23%) 

• Networked surgical equipment (19%) 

• Implantable devices (19%)medicaldesignandoutsourcing 

Attack Vectors and Methodologies: How Adversaries Target Medical Devices 

Ransomware Evolution in Healthcare Settings 

The RunSafe research reveals that 37% of healthcare organizations experienced ransomware specifically designed to disrupt device operations, representing a significant evolution in attack methodology. Traditional ransomware focused on encrypting files and demanding payment for decryption keys. Medical device ransomware, by contrast, targets the operational functionality of devices themselves.prnewswire 

Device-Specific Ransomware Variants now target: 

• Infusion pump control systems, potentially altering medication dosages 

• Ventilator management software, threatening critical care patients 

• Diagnostic equipment calibration, compromising test accuracy 

• Surgical robot control systems, disrupting complex procedureslinkedin 

Payment vs. Replacement Decision Matrices: Healthcare organizations face an impossible choice when ransomware targets critical medical devices. Paying ransoms doesn’t guarantee device restoration and may encourage future attacks. However, replacing compromised devices can cost hundreds of thousands of dollars and requires weeks or months for procurement and installation. 

Supply Chain Infiltration Tactics 

The research identifies supply chain compromise as affecting 26% of organizations that experienced medical device security incidents. These attacks target the software and hardware supply chains that support medical device manufacturing and distribution.prnewswire 

Vendor Compromise Scenarios include: 

• Software supply chain attacks targeting device management platforms 

• Hardware component infiltration during manufacturing processes 

• Third-party maintenance service exploitation compromising devices during service calls 

• Firmware update hijacking delivering malicious code through legitimate update channelsindustrialcyber 

Insider Threats and Social Engineering 

Healthcare environments present unique social engineering opportunities due to the high-stress, collaborative nature of medical work. Attack campaigns increasingly target healthcare staff as potential vectors for medical device compromise. 

Healthcare Staff as Attack Vectors: 

• Phishing campaigns targeting clinical staff with device-related emergency notifications 

• Credential harvesting exploiting healthcare workers’ access to multiple systems 

• USB-based attacks leveraging the common use of removable media in healthcare settings 

• Social engineering calls impersonating device vendors or IT supportcheckpoint 

Patient Safety at the Centre: Life-or-Death Cybersecurity Implications

Critical Care Device Vulnerabilities

The RunSafe research reveals that cyberattacks increasingly target devices directly involved in patient care, creating unprecedented patient safety risks. Unlike data breaches that primarily threaten privacy, medical device compromises can directly impact patient survival. 

• Ventilators and Life Support Systems: Modern ventilators contain sophisticated computer systems that can be remotely accessed for monitoring and adjustment. Compromising these systems could alter breathing parameters, potentially causing life-threatening complications for critically ill patients.rubrik 

• Cardiac Monitoring and Pacemakers: Connected cardiac devices transmit real-time patient data to monitoring stations and can receive remote programming updates. Malicious actors could potentially alter pacemaker settings or interfere with cardiac monitoring alerts, delaying response to cardiac emergencies.arxiv 

• Surgical Robotics and Precision Medicine: Advanced surgical robots rely on computer-controlled precision systems that guide complex procedures. Cybersecurity compromises could introduce errors in surgical navigation, potentially causing patient harm during operations.acm 

Emergency Response Disruption 

Beyond individual device vulnerabilities, cybersecurity attacks can disrupt entire emergency response systems, creating cascading patient safety risks. 

• Ambulance Service Technology Failures: Modern ambulance services rely on connected devices for patient monitoring during transport, GPS navigation, and communication with receiving hospitals. System compromises can delay emergency response and interrupt critical care during transport.veriti 

• Emergency Department System Outages: When medical device networks fail, emergency departments must implement manual backup procedures that may be slower and less accurate than digital systems. The RunSafe research shows that 24% of severe incidents required patient transfers to other facilities, indicating complete operational failure.runsafesecurity+1 

Long-term Patient Outcome Impacts 

The consequences of medical device cybersecurity incidents extend beyond immediate operational disruption: 

• Delayed Diagnosis and Treatment: When diagnostic equipment fails or becomes unreliable due to cyber incidents, healthcare providers must rely on alternative testing methods that may be less accurate or require longer processing times.medicaldesignandoutsourcing 

• Medical Record Integrity Concerns: Compromised medical devices can inject false data into electronic health records, potentially leading to misdiagnosis or inappropriate treatment decisions based on corrupted information.arxiv 

• Trust Erosion in Digital Health Systems: Repeated cybersecurity incidents erode patient and provider confidence in digital health technologies, potentially slowing adoption of beneficial innovations.digital-strategy.europa 

Executive Decision-Making Framework: Beyond Technical Solutions 

C-Suite Risk Assessment Priorities 

The RunSafe research reveals a fundamental shift in executive-level risk assessment, with healthcare leaders increasingly recognizing that medical device cybersecurity represents a strategic business priority rather than merely a technical concern. 

• Board-Level Cybersecurity Governance: Healthcare boards are implementing new governance structures that require regular reporting on medical device security posture. These governance frameworks integrate cybersecurity risk assessment into clinical quality metrics and patient safety indicators.industrialcyber 

• Budget Allocation Strategies: 75% of organizations increased their medical device and OT security budgets over the past 12 months, indicating significant financial commitment to addressing these risks. However, many organizations struggle to quantify return on investment for cybersecurity spending, particularly when measuring prevention of potential patient harm.runsafesecurity 

Procurement Strategy Transformation 

The research reveals dramatic changes in medical device procurement processes, with 83% of healthcare organizations now integrating cybersecurity standards directly into their medical device RFPs.runsafesecurity+1 

Security-First Device Selection Criteria now include: 

• Mandatory Software Bills of Materials (SBOM) documentation (considered essential by 78% of providers) 

• Runtime protection and exploit prevention capabilities 

• Vendor security response and patch management processes 

• Long-term cybersecurity support commitmentsrunsafesecurity+1 

Contract Negotiation for Security Responsibilities: Healthcare organizations are implementing new contractual frameworks that clearly define cybersecurity responsibilities between providers and medical device manufacturers. These contracts include specific performance metrics for security response times and vulnerability remediation.medcrypt 

Insurance and Legal Liability Considerations 

• Cyber Insurance for Medical Devices: Traditional cyber insurance policies often exclude medical device incidents or provide limited coverage for operational technology failures. Healthcare organizations are negotiating specialized coverage that addresses the unique risks of connected medical equipment.industrialcyber 

• Patient Lawsuit Risk Mitigation: As cyberattacks increasingly impact patient care, healthcare organizations face potential legal liability for patient harm caused by cybersecurity failures. Legal frameworks are evolving to address questions of organizational responsibility when third-party device vulnerabilities contribute to patient injury. 

Industry Response and Best Practices: Learning from the 22% 

Leading Healthcare Organisations’ Security Strategies 

Organizations that successfully navigate medical device cybersecurity challenges implement comprehensive strategies that integrate technical solutions with operational procedures and staff training. 

Case Study Insights from Resilient Institutions: 

• Mayo Clinic implemented device-specific network segmentation with clinical workflow integration 

• Cleveland Clinic developed rapid response protocols for medical device security incidents 

• Kaiser Permanente created vendor security assessment frameworks that evaluate entire device lifecyclesradiantsecurity 

Investment Priorities and ROI Analysis: Leading organizations prioritize investments that provide both security benefits and operational improvements. This includes medical device monitoring platforms that enhance both cybersecurity and clinical effectiveness.research.aimultiple 

Vendor Accountability and Partnership Models 

• The research shows that 46% of healthcare organizations have declined medical device purchases due to cybersecurity concerns, forcing manufacturers to fundamentally reconsider their approach to security.runsafesecurity 

• Security-as-a-Service for Medical Devices: Progressive manufacturers are offering comprehensive security services that include continuous monitoring, threat intelligence, and incident response support throughout the device lifecycle.medcrypt 

• Shared Responsibility Frameworks: Industry leaders are developing partnership models that clearly define security responsibilities between healthcare providers and medical device manufacturers, including specific commitments for vulnerability response and long-term security support.medicaldesignandoutsourcing 

Future-Proofing Healthcare: Technology and Strategy Convergence 

Next-Generation Security Technologies 

• AI-Powered Threat Detection for Medical Devices: Advanced machine learning systems are being developed specifically to detect anomalous behavior in medical device networks. These systems can identify potential cyberattacks by recognizing patterns that deviate from normal device operation.arxiv 

• Zero-Trust Architecture Implementation: Healthcare organizations are implementing zero-trust security models that require continuous verification of device identity and behavior, rather than relying on perimeter-based security.healthcareitnews 

• Quantum-Safe Cryptography Preparation: As quantum computing advances threaten current encryption methods, healthcare organizations must prepare medical devices for post-quantum cryptographic standards.arxiv 

Industry Collaboration and Information Sharing 

• Healthcare Sector Threat Intelligence Sharing: Organizations are participating in industry-specific threat intelligence sharing programs that provide early warning of medical device-targeted attack campaigns.digital-strategy.europa 

• International Cooperation Frameworks: The European Union’s new healthcare cybersecurity action plan includes provisions for cross-border incident response and threat intelligence sharing, recognizing that cyberattacks often span multiple countries.digital-strategy.europa 

Actionable Recommendations: Immediate Steps for Healthcare Leaders 

30-Day Quick Wins 

• Emergency Device Inventory and Assessment: Conduct comprehensive audits of all connected medical devices, identifying those with known vulnerabilities and assessing their criticality to patient care operations.medicaldesignandoutsourcing 

• Critical Vendor Security Verification: Contact all medical device manufacturers to verify current security patch status and establish direct communication channels for future vulnerability notifications.medcrypt 

• Incident Response Plan Updates: Update existing incident response procedures to specifically address medical device compromise scenarios, including patient safety protocols and backup operational procedures.industrialcyber 

90-Day Strategic Initiatives 

• Comprehensive Security Architecture Review: Implement network segmentation strategies that isolate medical devices while maintaining necessary clinical connectivity and workflow efficiency.healthcareitnews 

• Staff Training Program Implementation: Deploy specialized training programs that educate clinical staff about medical device cybersecurity risks and reporting procedures for suspicious device behavior.checkpoint 

• Regulatory Compliance Gap Analysis: Assess current practices against evolving medical device regulation requirements, including FDA cybersecurity guidance and EU MDR security provisions.runsafesecurity 

Long-term Transformation (6-12 months) 

• Technology Infrastructure Overhaul: Implement comprehensive medical device security platforms that provide continuous monitoring, threat detection, and automated response capabilities.radiantsecurity 

• Organizational Culture Change Management: Develop organizational cultures that prioritize cybersecurity as a patient safety requirement rather than a technical compliance burden.medhealthoutlook 

• Industry Leadership and Advocacy Roles: Participate in industry standards development and policy advocacy to shape the future of medical device cybersecurity regulation and best practices.digital-strategy.europa 

The Economic Reality: Cybersecurity as Healthcare Investment 

Premium Pricing Acceptance for Secure Devices 

The RunSafe research reveals a remarkable willingness among healthcare executives to pay premium prices for enhanced security. 79% of executives report their organizations are willing to pay a premium for devices with advanced runtime protection or built-in exploit prevention, with 41% willing to pay up to 15% more for secure devices.prnewswire+1 

This pricing acceptance reflects a fundamental shift in how healthcare organizations evaluate medical device value propositions. Security features are no longer optional add-ons—they’re essential characteristics that justify higher acquisition costs. 

Total Cost of Ownership Calculations 

Progressive healthcare organizations are implementing comprehensive total cost of ownership (TCO) models that account for cybersecurity risks throughout the medical device lifecycle: 

Direct Security Costs: 

• Initial device hardening and security configuration 

• Ongoing vulnerability management and patching 

• Security monitoring and threat detection systems 

• Incident response and recovery proceduresindustrialcyber 

Indirect Risk Mitigation Costs: 

• Insurance premium adjustments for secure vs. unsecured devices 

• Regulatory compliance and audit preparation 

• Staff training and certification programs 

• Business continuity and disaster recovery planningprnewswire 

Avoided Cost Benefits: 

• Prevention of patient transfer costs (averaging $15,000-$50,000 per transfer) 

• Elimination of manual procedure costs during system outages 

• Reduced regulatory penalty risks 

• Avoided reputation damage and patient trust erosionrunsafesecurity 

Global Regulatory Convergence: The International Response 

FDA Cybersecurity Guidance Evolution 

The research indicates that 73% of healthcare organizations report new FDA cybersecurity guidance is already influencing their procurement decisions. The FDA’s Section 524B requirements mandate specific cybersecurity documentation for network-capable medical devices, fundamentally changing how manufacturers approach security throughout the device development lifecycle.medcrypt+1 

European Union Regulatory Framework 

The EU’s comprehensive approach combines multiple regulatory frameworks: 

• Medical Device Regulation (MDR): Requires cybersecurity risk management aligned with ISO 31010 and ISO 14971 standards, with mandatory post-market surveillance for cybersecurity vulnerabilities.runsafesecurity 

• Cyber Resilience Act: Will mandate cybersecurity requirements for all network-connected devices, including medical devices, with specific obligations for vulnerability disclosure and incident reporting.digital-strategy.europa 

• NIS2 Directive: Identifies healthcare as essential infrastructure requiring enhanced cybersecurity measures, including medical device security as part of overall organizational resilience.healthcareitnews 

Conclusion: The Intersection of Innovation and Security 

RunSafe Security’s 2025 Medical Device Cybersecurity Index reveals that healthcare cybersecurity has reached a critical juncture where the intersection of innovation and security determines not just organizational success, but patient survival. The statistic that 22% of healthcare organizations have experienced cyberattacks directly impacting medical devices represents more than a compliance challenge—it’s a patient safety crisis that demands immediate, comprehensive response. 

The transformation from IT-centric to OT-focused cybersecurity represents a fundamental evolution in healthcare risk management. As 35% of organizations now identify medical devices as their primary cybersecurity concern, the industry must abandon traditional approaches that treat security as an afterthought to innovation. 

European healthcare leaders face unique challenges in this evolving threat landscape. The combination of advanced medical device integration, complex regulatory requirements, and sophisticated threat actors creates a perfect storm of cybersecurity risk. However, the research also reveals unprecedented opportunities for organizations that proactively address these challenges. 

The willingness of 79% of healthcare executives to pay premium prices for secure devices signals a market transformation that rewards security innovation. Medical device manufacturers that embed comprehensive cybersecurity capabilities throughout the device lifecycle will find competitive advantages in an increasingly security-conscious market. 

Perhaps most critically, the research demonstrates that effective medical device cybersecurity requires holistic organizational commitment. Technical solutions alone cannot address threats that exploit human behavior, organizational processes, and complex interconnected systems. Success requires integration of cybersecurity into clinical workflows, procurement processes, staff training, and executive governance. 

As healthcare organizations confront the reality that cyberattacks now directly threaten patient safety, the choice becomes clear: evolve cybersecurity strategies to match the sophistication of modern threats, or accept the unacceptable risk of preventable patient harm. 

The 22% of healthcare organizations that have already experienced medical device cyberattacks serve as early indicators of a broader trend that will eventually impact the entire healthcare ecosystem. The question isn’t whether your organization will face these threats—it’s whether you’ll be prepared when they arrive. 

The future of healthcare depends on our collective ability to secure the digital foundation of modern medicine. The data is clear, the threats are real, and the time for action is now. 

About AI KNIGHTS 
AI KNIGHTS brings together cybersecurity professionals, healthcare executives, and technology leaders navigating the complex intersection of artificial intelligence and digital security. Our community provides authoritative insights, practical guidance, and strategic intelligence for organizations building resilient AI-powered healthcare systems. 

Join the AI KNIGHTS community for exclusive insights on healthcare AI security, regulatory compliance, and emerging threat intelligence. Subscribe to our newsletter and participate in discussions shaping the future of secure healthcare innovation. 

Sources: 

RunSafe Security. (2025, July 8). 2025 Medical Device Cybersecurity Index – RunSafe Security. https://runsafesecurity.com/resources/press-releases/2025-medical-device-cybersecurity-index/runsafesecurity 

RunSafe Security. (2025, August 5). RunSafe Security’s 2025 Medical Device Cybersecurity Index. https://runsafesecurity.com/whitepaper/medical-device-index-2025/runsafesecurity 

CrowdStrike. (2025). Healthcare Cybersecurity in 2025: Staying Ahead of Emerging Threats. https://go.crowdstrike.com/rs/281-OBQ-266/images/Whitepaper-Healthcare-Cybersecurity-Trends.pdflinkedin 

MedCrypt. (2025, July 17). Under Pressure: Why Medical Device Manufacturers Should Shift Focus to Cybersecurity Now. https://www.medcrypt.com/blog/under-pressure-why-medical-device-manufacturers-should-shift-focus-to-cybersecurity-nowmedcrypt 

Med Health Outlook. (2025, June 19). Tracing a Monumental Shift in Healthcare Industry’s Core Cybersecurity Priorities. https://medhealthoutlook.com/tracing-a-monumental-shift-in-healthcare-industrys-core-cybersecurity-priorities/medhealthoutlook 

Help Net Security. (2025, June 23). Medical device cyberattacks push hospitals into crisis mode. https://www.helpnetsecurity.com/2025/06/23/medical-devices-cyberattacks/prnewswire 

Industrial Cyber. (2025, June 19). Runsafe report: Medical device cyberattacks threaten patient care, strain budgets, top concern for healthcare sector. https://industrialcyber.co/medical/runsafe-report-medical-device-cyberattacks-threaten-patient-care-strain-budgets-top-concern-for-healthcare-sector/industrialcyber 

Check Point. (2025, April 7). World Health Day 2025: When Cyber Security Fails, So Does Public Health. https://blog.checkpoint.com/healthcare/world-health-day-2025-when-cyber-security-fails-so-does-public-health/checkpoint 

arXiv. (2025, March 19). Cyber Threats in Financial Transactions – Addressing the Dual Challenge of AI and Quantum Computing. https://arxiv.org/abs/2503.15678arxiv 

Radiant Security. (2025, June 4). Real-World Use Cases of AI-Powered SOC . https://radiantsecurity.ai/learn/soc-use-cases/radiantsecurity 

AI Multiple. (2025, July 31). Top 13 AI Cybersecurity Use Cases with Real Examples [’25]. https://research.aimultiple.com/ai-cybersecurity-use-casesresearch.aimultiple 

arXiv. (2024, July 23). Securing The Future Of Healthcare: Building A Resilient Defense System For Patient Data Protection. http://arxiv.org/pdf/2407.16170.pdfarxiv 

RunSafe Security. (2024, December 20). The Medical Devices Cybersecurity Landscape in the EU and the US. https://runsafesecurity.com/blog/regulatory-harmonization-medical-devices/runsafesecurity 

Veriti. (2025). The State of Healthcare Cybersecurity 2025 – A Veriti Research Report. https://veriti.ai/wp-content/uploads/2024/12/The-State-of-Healthcare-Cybersecurity-2025-_-A-Veriti-Research-Report.pdfveriti 

Healthcare IT News. (2025, July 9). Network level risk management key to medical device security. https://www.healthcareitnews.com/news/emea/network-level-risk-management-key-medical-device-securityhealthcareitnews 

Medical Design and Outsourcing. (2025, June 18). Cybersecurity report flags device vulnerabilities and user needs. https://www.medicaldesignandoutsourcing.com/cybersecurity-device-vulnerabilities-user-needs/medicaldesignandoutsourcing 

Rubrik. (2024). Healthcare Cybersecurity Challenges & Threats – 2025. https://www.rubrik.com/insights/healthcare-cybersecurity-challenges-threats-2025rubrik 

European Commission. (2025, April 8). Cybersecurity of hospitals and healthcare providers. https://digital-strategy.ec.europa.eu/en/factpages/cybersecurity-hospitals-and-healthcare-providersdigital-strategy.europa