The frequency and severity of medical device risks are escalating as devices proliferate and cyber attackers turn their attention to vulnerable environments. Medical devices represent a ripe target for cyber threats due to a combination of two factors:

• New technology-enabled, networked and interconnected medical devices are being introduced. These advanced devices increase clinical effectiveness, but open up new attack vectors and cyber risks.
• Despite these innovations, there are still a significant number of older medical devices in use today. These are often not secure, and poorly managed.
  

The current state of vulnerable medical devices requires an immediate, industrywide call to action. In order to address ever-mounting cybersecurity threats, organisations must take a programmatic approach to identification, mitigation and remediation of risk. The approach we recommend is fundamentally different from the current state approach. It requires all parties (from manufacturers to health care providers) to communicate and work in collaboration to actively identify cyber risks and related threats, plan for mitigation and remediation, and ensure the ongoing safety and security of patients.