RunSafe Security’s 2025 Medical Device Cybersecurity Index delivers a timely and comprehensive assessment of the rising threat landscape surrounding connected medical devices. Based on insights from 605 healthcare executives across the U.S., UK, and Germany, the report sheds light on how cyber threats are increasingly targeting embedded systems vital to patient care. With 22% of organizations reporting cyberattacks that directly impacted medical devices—and 75% of those incidents disrupting care—the survey underscores the urgent need to rethink device security strategies. The Index reflects a growing awareness among healthcare leaders that cybersecurity is no longer confined to IT silos but is now deeply intertwined with clinical safety and continuity of care.

The results of the survey signal a significant shift in procurement, budgeting, and regulatory alignment across healthcare systems. 83% of providers now integrate cybersecurity standards directly into their medical device purchasing criteria, and nearly half have rejected purchases due to security concerns. Notably, 73% report that updated FDA guidance and EU cybersecurity regulations are already shaping procurement behavior. Despite a 75% increase in OT security budgets over the past year, only 17% of respondents feel extremely confident in detecting and containing medical device attacks—highlighting a persistent readiness gap. Healthcare providers are also demanding more visibility from manufacturers, with 78% emphasizing the importance of Software Bills of Materials (SBOMs) during device evaluations.

Overall, the 2025 Index paints a clear picture: medical device cybersecurity is now a patient safety imperative that is transforming clinical and operational priorities. As attacks increasingly lead to delays in care, forced manual procedures, extended patient stays, and even facility transfers, healthcare systems are realigning their technology investments to prioritize real-time protection and resilience. The willingness of 79% of respondents to pay a premium for built-in runtime security features signals strong market demand for more secure devices. The message from the data is unequivocal—healthcare leaders must treat device cybersecurity as a clinical priority to ensure safe, uninterrupted care in an era of escalating digital risk.

MedTech Spectrum's Summary

Cybersecurity Now a Clinical Priority: 22% of healthcare organizations experienced medical device-related cyberattacks, with 75% of those disrupting patient care—signaling that cybersecurity has moved from an IT concern to a critical component of patient safety.

Procurement and Policy Are Evolving: 83% of organizations now embed cybersecurity standards into medical device purchasing, and 73% report that FDA and EU regulations are directly influencing procurement—highlighting a market-wide shift toward secure-by-design devices.

Readiness Gap Persists Despite Investment: While 75% of providers increased their OT security budgets, only 17% feel highly confident in their ability to contain attacks, emphasizing the urgent need for stronger protections, transparency, and embedded device security.