RunSafe Security’s Founder and CEO, Joseph Saunders, in conversation with MedTech Spectrum, offered exclusive insights into the release of the 2025 Medical Device Cybersecurity Index, a pioneering tool designed to benchmark and elevate the digital safety standards of connected health technologies. As the medtech industry faces rising threats from ransomware and software supply chain vulnerabilities, the index provides a timely, data-driven framework to assess cybersecurity posture across medical device categories. With real-time threat mapping, risk scoring, and actionable insights, RunSafe’s platform empowers manufacturers and healthcare providers to proactively safeguard patient data and device integrity—ushering in a more resilient era of medical innovation grounded in trust and digital accountability.

What do the findings of the 2025 Index reveal about the evolving nature of cybersecurity threats specific to medical devices compared to previous years?

What we're seeing is a major evolution from opportunistic attacks to highly targeted, sophisticated campaigns against medical infrastructure. The fact that 22% of healthcare organizations have already experienced cyberattacks impacting medical devices shows us we've moved well beyond the IT department, and we’re seeing impacts on patient care, which have real-world consequences.

The attackers have evolved beyond simply targeting data. They understand that disrupting operational technology can have immediate, life-threatening consequences. We're seeing malware specifically designed to disrupt device operations, with over a third of organizations experiencing ransomware that targets device functionality rather than just encrypting files. This represents a concerning escalation where cybercriminals are essentially holding patient care hostage.

Given that 35% of organizations now identify Operational Technology (OT)
systems as their top cybersecurity concern, how should medical device
manufacturers adapt their product development strategies?

This should serve as a wake-up call for both healthcare facilities and manufacturers of medical devices. The traditional approach of treating cybersecurity as an IT problem that gets bolted on later simply doesn't work for medical devices that need to operate 24/7 in life-critical situations. Therefore, those responsible for purchasing medical devices need to place greater emphasis on built-in cybersecurity features.

Meanwhile, manufacturers need to adopt the principles of ‘Secure by Design and Default’ from the outset. This means integrating runtime exploit prevention directly into the device firmware, implementing comprehensive vulnerability management processes, and building security that works even when patches can't  be immediately deployed. We're also seeing smart manufacturers adopt build-time SBOM generation to get accurate visibility into their software components, rather than relying on binary analysis that produces too many false positives.

How are new FDA and EU cybersecurity regulations shaping procurement
decisions among healthcare providers, and what role do Software Bills of
Materials (SBOMs) play in this shift?

The regulatory landscape has completely transformed the procurement process. With 83% of healthcare organizations now integrating cybersecurity standards directly into their RFPs, and 46% actually walking away from purchases due to security concerns, compliance has become a market access requirement, not just a nice-to-have.

SBOMs have become absolutely critical—78% of organizations now consider them essential in procurement decisions. But here's the thing: not all SBOMs are created equal. Healthcare buyers are getting sophisticated about demanding build-time SBOMs that accurately capture only the components actually present in the final device. This provides them with the transparency they need for ongoing vulnerability management, without the noise of false positives that traditional
binary analysis approaches generate.

Can you elaborate on the operational impact of cyber incidents on patient care and hospital workflows, especially in cases where patient transfers or diagnostic delays occurred?

They’re sobering. Among organizations affected by device-related cyber incidents, 75% experienced at least a moderate impact on patient care. What really drives home the severity is that 24% had to transfer patients to other facilities—that's essentially admitting your facility can't safely care for patients  due to a cyber incident.

Upon closer examination, 46% had to revert to manual processes, 44% experienced delayed diagnoses or procedures, and another 44% had extended patient stays. These represent serious breakdowns in the healthcare delivery system. The downtime statistics are particularly concerning, with some organizations dealing with device unavailability for more than three days. In healthcare, such disruption can literally be the difference between life and death.

With 79% of providers willing to pay a premium for advanced runtime protection, what types of embedded cybersecurity features are becoming essential in next-generation medical devices?

The willingness to pay premium pricing demonstrates that healthcare organizations are finally understanding that cybersecurity requires a real investment, not just checkbox compliance. They're looking for built-in protections that work without requiring constant patching or updates that can disrupt patient care.

Runtime exploit prevention is becoming a leading defense strategy because it protects devices from both known and unknown vulnerabilities, including zero-day exploits. By leveraging techniques that make each device logically unique, such as binary or memory randomization, it prevents attackers from using a single exploit to compromise multiple systems, even if the devices are functionally identical.

We're also seeing demand for comprehensive SBOMs generated at build-time, secure communication protocols, and memory protection technologies that prevent common attack vectors like buffer overflows. The key is that these protections need to be embedded at the firmware level, not added as an afterthought. Healthcare buyers are specifically asking for solutions that reduce their patch management burden while improving security posture, and they're willing to pay for that value.

Chaitrali Gajendragadkar

chaitrali.gajendragadkar@mmactiv.com

Senior Officer - Media Integrations

MedTech Spectrum

www.medtechspectrum.com