Stay informed and never miss a beat!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
.webp)
Hospitals today are increasingly filled with smart devices—from Wi-Fi infusion pumps and wireless patient monitors to network-connected imaging machines—all part of the Internet of Medical Things (IoMT). These connected medical devices promise efficiency and better patient outcomes, even automating tasks traditionally done by nurses. Yet this digitization comes at a cost: it has expanded the attack surface for cybercriminals.
Healthcare systems have become prime targets for hackers, as evidenced by a 45% surge in cyberattacks on health organizations globally since late 2020. Adversaries recognize that medical data is extremely valuable and that disrupting clinical services can put lives at risk, making hospitals more likely to pay ransoms. In short, as IoMT adoption accelerates, so does the urgency of securing clinical environments against cyber threats.
The explosion of IoMT devices in hospitals has fundamentally altered the healthcare cybersecurity landscape. Smart hospitals worldwide are projected to deploy over 7 million IoMT devices by 2026—double the number from 2021. Each connected infusion pump, heart monitor, or robot trolley represents a potential entry point for attackers. Unfortunately, many of these devices were not built with security in mind. Over half of connected medical devices contain at least one unpatched critical vulnerability, creating easy opportunities for hackers.
The healthcare industry has become a prime target for cybercriminals due to the vast amount of sensitive patient data and the critical nature of medical services. Threat actors range from organized cybercriminal gangs seeking profit (e.g., via ransomware) to nation-state hackers and malicious insiders. They are attracted by the sensitive patient data and the life-or-death stakes—a combination that often pressures victims to promptly meet attacker demands.
Global trends reinforce this alarming picture. The WannaCry ransomware outbreak in 2017 illustrated how a single cyber weapon could wreak havoc worldwide—it hit over 200,000 systems across 150 countries, including dozens of UK hospitals. More recently, in late 2020, Europe and Asia saw the sharpest rise in healthcare attacks (over 100% increase in some regions). Even regions with stronger defenses were not spared; North America still experienced a significant spike in hospital cyber incidents. These trends underscore that no healthcare system, from small clinics to national hospital networks, is immune. As the IoMT ecosystem expands, the attack surface becomes borderless, requiring a coordinated global response to defend patient care from cyber harm.
Healthcare institutions face a gamut of cyber threats leveraging IoMT weaknesses. Some of the most pressing threats include:
Ransomware is arguably the gravest threat, with attackers infiltrating hospital networks, encrypting critical systems and IoMT devices, then demanding payment. This can cripple clinical operations. For example, the 2017 WannaCry attack forced 19,000+ appointment cancellations in the UK’s National Health Service by locking down medical PCs and devices. Ransomware often enters via phishing emails or by exploiting unpatched device vulnerabilities. Once inside, it spreads rapidly across networked equipment. Because lives are on the line, hospitals feel immense pressure to pay ransoms to restore systems. As of 2022, roughly two-thirds of healthcare facilities globally had experienced a ransomware attack.
IoMT devices frequently handle sensitive protected health information (PHI)—vital signs, medical histories, images, etc. If compromised, they can serve as gateways to larger hospital databases. Attackers prize PHI because it can be sold for identity theft or insurance fraud. Over 133 million patient records were exposed in healthcare data breaches in 2023. In one notorious case, hackers accessed a medical lab’s systems and exposed data on 12 million patients.
Attackers have developed malware tailored to hijack medical devices, taking advantage of their outdated software and weak defenses. Once inside a device, the malware can disrupt its function or use it as a foothold into the wider network. For instance, the MEDJACK malware discovered in 2015 targeted devices like heart monitors, MRI machines, and insulin pumps. Such attacks can alter the functionality of critical devices—imagine changing an infusion pump’s drug dosage or disabling an alarm on a patient monitor.
Perhaps the most frightening scenario is a hacker intentionally manipulating a life-sustaining device to hurt a patient. Security researchers have shown this is more than theoretical. In 2018, analysts found severe vulnerabilities in certain pacemakers made by Medtronic that could be exploited to remotely control the devices. Similarly, demonstrations at security conferences have hacked IV infusion pumps to deliver lethal doses of medication by altering their software.
Many IoT and IoMT devices have minimal security and can be conscripted into botnets. An attacker might infect hundreds of hospital devices (like smart thermostats, networked security cameras, or even internet-enabled lab equipment) and use them collectively to launch DDoS attacks. The target could be the hospital itself—flooding its network to knock critical systems offline—or some external victim.
Numerous case studies illustrate that these threats are not hypothetical—they are already hitting hospitals around the world with devastating impact. A few notable examples include:
Hospitals must implement a multi-layered approach to defend against these threats. Key steps include:
The rapid adoption of IoMT devices has revolutionized healthcare, but it has also introduced unprecedented security risks. Cyberattacks on hospitals are no longer hypothetical; they are an active, evolving threat that can jeopardize patient safety and operational continuity. The future of medicine depends not just on innovation, but on the security measures that safeguard it.