One in four healthcare organizations (24%) reported cyber-attacks that affected medical devices over the past year, according to a new survey from RunSafe Security.
Scale of device-impacting attacks
RunSafe Security’s 2026 Medical Device Cybersecurity Index drew responses from 551 healthcare professionals across the US, UK and Germany. The vendor’s headline finding: 24% of those organisations experienced cyber-attacks that impacted medical devices in the prior 12 months. That level of exposure signals a widespread operational problem for hospitals, clinics and other care providers that rely on networked and embedded medical equipment.
Patient impact: delayed imaging to interruptions of critical care
RunSafe reports that in 80% of incidents affecting devices, the impact on patients was judged either “moderate” or “significant.” The vendor lists concrete forms that harm has taken: delayed imaging, postponed procedures and interruptions to critical care delivery. Those examples underline how attacks that touch devices or device-adjacent systems can shift rapidly from an IT incident to a patient-safety event.
Adoption of protections and shifting procurement behavior
Respondents told RunSafe that cybersecurity is increasingly woven into buying and operating decisions. Some 82% said they have deployed or are actively piloting runtime exploit protection for devices. Eighty-four percent reported that they include cyber requirements in vendor RFPs, and 76% said they would pay extra for advanced protection. Procurement changes are visible in behaviour: 56% of respondents said they rejected devices at the procurement stage because of cybersecurity concerns, up from 46% in the prior year.
Legacy devices and AI raise new tensions
At the same time, many organisations remain exposed by older equipment. RunSafe found that 44% of responding organisations use devices with known, unpatched vulnerabilities, and 28% admit they operate devices past end-of-support. Those gaps exist even as medical systems increasingly incorporate artificial intelligence: 57% of organisations polled said they have adopted AI-enabled or AI-assisted medical systems, while 80% reported moderate to high concern about the cybersecurity risks those technologies introduce. RunSafe frames this as a growing tension between security and productivity as care providers balance new capabilities against device risk.
Manufacturer incidents: Medtronic listed by ShinyHunters; Stryker hit by Handala
The RunSafe findings arrive while manufacturers themselves face high-profile incidents. This week US giant Medtronic admitted a data security incident after the extortion group ShinyHunters listed the firm on its leak site in mid‑April; the threat actors claimed to have exfiltrated more than nine million records containing personal information, alongside large volumes of internal corporate data. Separately, Fortune 500 medical technology vendor Stryker was impacted in March when the Iranian‑sponsored Handala group wiped tens of thousands of corporate devices after accessing an Intune admin account. RunSafe’s CEO, Joseph Saunders, tied those episodes to the survey results: “The findings land against a backdrop of large-scale healthcare cyber incidents that have disrupted care delivery and revenue flows, underscoring how quickly attacks on device-adjacent systems can translate into patient harm.”
What this means for technologists, procurement leaders, and patients
- Technologists and security teams: the survey suggests accelerating deployment of runtime exploit protection (82%) and heightened concerns around AI-enabled systems (80% report moderate to high concern), indicating operational priorities will include patching programs, runtime protections and controls around AI integrations.
- Procurement leaders and buyers: inclusion of cyber requirements in RFPs (84%) and a rising rate of procurement rejections on cybersecurity grounds (56% this year, up from 46% last year) show buyers are willing to make purchasing decisions on cyber criteria and to pay for stronger protection (76% would pay extra).
- Patients and care delivery managers: with 80% of device-impacting incidents judged to have moderate or significant patient impact, the operational consequences cited by RunSafe (delayed imaging, postponed procedures, interruptions to critical care) show a direct line from cyber events to care disruption.
RunSafe’s index stitches together high incidence of device-impacting attacks, persistent legacy vulnerabilities and high-profile manufacturer breaches into a single, practical challenge: organisations are moving to harden procurement and runtime controls even as device ecosystems and AI adoption create new risk vectors. The immediate questions left by the survey are operational and pragmatic — will organisations be able to reduce the 44% using devices with known, unpatched vulnerabilities and the 28% running equipment past end-of-support, and can manufacturers and buyers close the gap between intent (procurement rules and willingness to pay) and the realities of the installed base?
Original reporting: https://www.infosecurity-magazine.com/news/quarter-healthcare-medical-device/




