The growing sophistication of medical devices make it likely that 2025 will be another challenging year for cybersecurity and medical devices.
Increasing medical device sophistication relates to the inclusion of more connectivity and advanced features like artificial intelligence (AI) integration and means that the attack surface for cybercriminals is continuing to expand.
Speaking at the Outsourcing Clinical Trials (OCT) Medical Devices 2025 conference, taking place in Munich, Germany, on 28-29 January, David Bicknell, principal analyst, strategic research at GlobalData, stated that in his view, which is shared by the wider cybersecurity sector, the rising sophistication in medical devices means the requirement for sophisticated security measures to protect patient data and device functionality will also rise in 2025.
“With more connected devices, regulatory bodies like the US Food and Drug Administration (FDA) are likely to enforce stricter cybersecurity standards for medical devices, pushing manufacturers to prioritise security through the product life cycle,” he said.
“The proliferation of connected medical devices will necessitate robust security protocols for data transmission and device management. As cybersecurity concerns around AI-powered devices as AI integration in medical devices grows, securing the underlying algorithms and data pipelines will become critical.
Bicknell also highlighted the potential impact the likelihood security mandates for medical devices ramping up may have on the security-innovation quotient.
He said: “The pressure to rapidly introduce new medical technologies might compromise security considerations, if not carefully managed.
Another broader security issue is a potential skills gap in cybersecurity expertise.
“Healthcare organisations may struggle to find qualified cybersecurity personnel to manage complex medical device security on AI,” said Bicknell.
Regarding potential attack vectors for medical devices, Bicknell stated that it comes down to the age of the device, whether devices have been updated, and the effect this may have on firmware and software.
“There are particular issues from a medical device perspective, including how easy is it to be able to update those devices,” he said.
“And as time goes on, and more people begin using AI components in their medical devices, the issue of bad actors getting access to that data, is a rising concern.”
