Hacking Healthcare: What the Latest Data Tells Us About Medical Device Security

In this episode of Exploited: The Cyber Truth, host Paul Ducklin sits down with RunSafe Security Founder and CEO Joe Saunders to explore the urgent and evolving risks facing medical devices in healthcare. Based on RunSafe’s 2025 Medical Device Cybersecurity Index—an extensive survey of over 600 healthcare leaders across the U.S., UK, and Germany—they unpack how cyberattacks are no longer limited to hospital IT networks but are now directly compromising connected medical devices, threatening patient care in real time.

From real-world consequences like forced patient transfers and increased downtime, to the rising willingness of healthcare organizations to pay premiums for secure devices, this conversation reveals how cybersecurity is reshaping healthcare operations and procurement strategies. Joe explains why securing medical devices requires a fundamentally different approach than traditional IT, the growing intersection of IT and operational technology (OT) risks, and why regulatory standards are more critical than ever for patient safety.

Topics covered:

• Real impacts of cyberattacks on medical devices and patient care
• Why 46% of healthcare organizations have declined to buy devices lacking strong security
• The unique challenges of securing medical devices versus traditional IT systems
• The convergence of IT and OT security risks in healthcare environments
• The rising importance of Software Bills of Materials (SBOMs) in medical device procurement
• Advice for device manufacturers adapting to a security-first healthcare market

If you’re involved in healthcare, medical device manufacturing, or cybersecurity, this episode offers vital insights into the new front lines of protecting patient care in a connected world.