Medical Device Network

Axonius buys Cynerio in $100m deal targeting medical device cybersecurity

Axonius aims to close the “massive” security blind spot posed by the rising adoption of connected medical devices in global healthcare systems.

Ross Law July 30 2025

Axonius has acquired New York-headquartered healthcare cybersecurity company Cynerio in a $100m cash and stock deal.

The US-based cybersecurity asset management specialist’s acquisition will address the challenge of the “vast and unprotected attack surface” it claims the proliferation of connected medical devices poses to global healthcare providers.

According to Axonius co-founder and CEO Dean Sysman, hospitals have been operating with a “massive” digital security blind spot.

He explained: “The very devices essential for patient care, from infusion pumps to MRI machines, have been completely invisible to cybersecurity teams, creating a dangerous, unprotected attack surface.”

According to GlobalData analysis, cybersecurity spend by healthcare providers will grow at a compound annual growth rate (CAGR) of 12.5% to reach $10.9bn by 2027, up from $6.1bn in 2022. Overall medical device company spending on cybersecurity is projected to grow at a CAGR of 12.9% to $1.2bn by 2027, up from $631.2m in 2022, as organisations look to defend their devices from attacks.

Sysman continued: “By integrating Cynerio’s deep clinical expertise with Axonius asset intelligence, we can offer healthcare providers what they’ve been asking for: a single source of truth capable of securing their entire clinical environment.”

The rising risk of connected medical devices to hospitals and healthcare providers is further exacerbated by the fact that many global healthcare systems operate on legacy systems, a reality that leaves the overall security estate more vulnerable.

KPMG’s recent Intelligent Healthcare report advised healthcare organisations to create sustainable technology and data infrastructure by modernising legacy systems and investing in robust cybersecurity protocols.

GlobalData’s 'Cybersecurity in Healthcare (2024)' report highlights that the Covid-19 pandemic intensified increased cyber risk in healthcare by accelerating remote working and a switch from in-person to virtual care paradigms.

Some observers also view Russia’s invasion of Ukraine as an influence on rising cyberattacks on global healthcare systems, with the attacks viewed as a tool for mass disruption as much as financial extortion.

Significant cyberattacks on healthcare entities in 2024 that were ultimately attributed to Russian groups include attacks on UnitedHealth Group’s (UHG) Change Healthcare and NHS Dumfries and Galloway’s IT systems in February, US hospital group Ascension in May, and UK National Health Service (NHS) Trust Guy's and St Thomas' in June via the trust’s pathology provider, Synnovis.