RunSafe Security, a pioneer of cyberhardening technology for embedded systems across critical infrastructure, has officially published the results from its 2025 Medical Device Cybersecurity Index report, which reveals that 22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices.
Going by the available details, three-quarter of these incidents disrupted patient care, including nearly a quarter (24%) that required patient transfers to other facilities.
Before we dig any further into the given report, we must acknowledge how RunSafe’s 2025 Medical Device Cybersecurity Index surveyed 605 healthcare executives across the U.S., UK, and Germany, eventually revealing that healthcare cybersecurity has evolved from primarily an IT concern to something highly integral to the pursuit of patient safety.
To back that up with numbers, 35% of organizations were found to now identify Operational Technology (OT) systems like medical devices as their biggest cybersecurity concern, compared to traditional IT systems.
Anyway, the whole exercise from RunSafe also delivers a rather interesting follow-up to one FBI’s Cyber Division report, where it was revealed that over 53% of networked medical devices have at least one known critical vulnerability.
This particular lowdown also claimed, among the organizations affected by cybersecurity incidents, 46% required manual processes to maintain operations, 44% reported delayed diagnoses or procedures, and 44% had extended patient stays. As for when the systems failed, 43% experienced up to 4 hours of downtime, whereas on the other hand, 31% faced up to 12 hours without critical systems.
All in all, FBI Cyber Division would reach upon a conclusion that healthcare sector experienced more cyber threats in 2024 than any other critical infrastructure industry.
Turning our attention towards RunSafe’s report, it begins by touching upon procurement transformation, which is evident in how 83% of healthcare organizations now integrate cybersecurity standards directly into their medical device RFPs, with 46% declining purchases due to cybersecurity concerns.
Next up, the report expands upon regulatory influence. Here, 73% of respondents reported that new FDA cybersecurity guidance and EU cybersecurity regulations are already influencing their procurement decisions.
Another detail worth a mention is rooted in the fact that, even though we are witnessing meaningful increases in OT budgets, the consensus’ confidence remains on a more cautionary side. From a statistical standpoint, over 75% of organizations increased their medical device and OT security budgets over the past 12 months, but at the same time, no more than 17% feel extremely confident in their ability to detect and contain attacks on medical devices.
Apart from that, the survey also discovered a growing acceptance for premium pricing, as 79% of executives say their healthcare organization are willing to pay a premium for devices with advanced runtime protection or built-in exploit prevention. In fact, 41% of them were even willing to pay up to 15% more.
Rounding up highlights would be an aspect associated with transparent demands. This translates to how 78% of providers consider Software Bills of Materials (SBOMs) essential or important in procurement decisions.
Among other things, we ought to acknowledge how conscious targeting of critical infrastructure, such as malware infections (51%) and network intrusions (44%), are currently among the most significant of attack vectors. We get to say so because over third of organizations experienced ransomware specifically designed to disrupt device operations, while on the other hand, 26% faced supply chain compromises affecting multiple facilities simultaneously.
Founded in 2015, RunSafe Security’s rise up the ranks stems from conceiving automated vulnerability identification and software hardening from build-time to runtime, all for the purpose of defending software supply chain and critical systems without compromising performance or requiring any code rewrites whatsoever.
The company’s excellence in what it does can also be understood once you consider it is trusted by various heavyweights from sectors like defense, energy, operational technology, industrial automation, transportation and automotive, medical device, as well as high-tech manufacturing
“Healthcare organizations are no longer treating medical device cybersecurity as checkbox compliance,” said Joe Saunders, Founder and CEO of RunSafe Security. “Threat prevention has moved from the server room to the operating room, and our research shows it’s fundamentally reshaping how healthcare organizations evaluate, purchase, and deploy medical devices.”
