This article details a growing threat landscape targeting medical devices, with attacks often exploiting vulnerabilities in outdated or unsupported hardware and software to disrupt healthcare delivery. The report cites that 24% of surveyed healthcare organizations experienced such an incident, with 80% resulting in moderate to significant patient care damage. While specific CVSS scores, affected versions, and patches are not provided, the article highlights that healthcare organizations are investing in cybersecurity but remain challenged by legacy devices, as evidenced by recent attacks on manufacturers like Medtronic and Stryker.
Critical Infrastructure Security , Threat Intelligence Medical device threats increasingly disrupt healthcare systems May 1, 2026 Share By SC Staff (Adobe Stock) Infosecurity Magazine reports that medical device-targeted cyberattacks have impacted 24% of healthcare organizations in the U.S., UK, and Germany over the past 12 months. Moderate to significant damage to patient care was observedin 80% of such incidents, according to a RunSafe Security report. While AI is now widely used in the healthcare sector, organizations continue to be concerned about cybersecurity threats and vulnerabilities. In response to this growing concern, most healthcare organizations now invest in cybersecurity across procurement and operations, but outdated and unsupported devices continue to pose security risks. Medical device manufacturers recently affected in these cyberattacks include Medtronic , which was allegedly extorted by ShinyHunters, and Stryker, which was hit by the Iran-backed Handala group. "The findings land against a backdrop of large-scale healthcare cyber incidents that have disrupted care delivery and revenue flows, underscoring how quickly attacks on device-adjacent systems can translate into patient harm," stated RunSafe Security CEO Joseph Saunders. SC Staff Related Security Operations FCC approves new rules to combat robocalls and bolster cybersecurity SC Staff May 1, 2026 The commission unanimously passed measures to strengthen the "Know Your Customer" requirements for telecommunications companies, mandating more thorough identity verification for service enablement. Supply chain Arbitrary code pushed by long concealed backdoor in widely used WordPress redirect add-on SC Staff May 1, 2026 Popular WordPress plugin Quick Page/Post Redirect, which allows the creation of redirects in posts, pages, and custom URLs, was injected with a stealthy backdoor half a decade ago that enabled arbitrary code injection into websites, BleepingComputer reports. Supply chain Illicit AI-assisted commit-linked npm dependency compromises crypto wallets SC Staff May 1, 2026 Illicit AI-assisted commit-linked npm dependency compromises crypto wallets North Korean state-backed threat group Famous Chollima, also known as APT37 and Reaper, has published the malicious @validate-sdk/v2 npm package purporting to be a validation tool, which is associated with a code commit co-authored by Anthropic's Claude Opus model, to breach cryptocurrency wallets as part of the PromptMink campaign that has been underway for the past seven months, according to Infosecurity Magazine. Related Events Cybercast From code to cloud: Stopping attacks in the software supply chain On-Demand Event Virtual Conference Securing the Backbone: Strategies to Counter Cyber Threats to Critical Infrastructure in the Public Sector On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Business Email Compromise (BEC) Deauthentication Attack Defacement Denial of Service Dictionary Attack Distributed Scans Domain Hijacking Dumpster Diving Fault Line Attacks You can skip this ad in 5 seconds