AI-enabled medical devices present unique cybersecurity threats

Strategic Intelligence

Wed, May 14, 2025, 6:13 AM 4 min read

Between 2022 and 2027, starring information and analytics institution GlobalData forecasts amusement cybersecurity spending by healthcare providers volition turn astatine a compound yearly maturation complaint (CAGR) of 12.5% from $6.1bn to $10.9bn. This is fuelled by cybersecurity attacks successful healthcare, which person historically been highly damaging to companies and wellness services.

Synnovis, which provides pathology services to the National Health Service (NHS) arsenic a public-private partnership, was taxable to a ransomware onslaught successful June 2024. This resulted successful estimated costs of £32.7m ($43.7m), 7 times the erstwhile year’s profit, portion causing superior disruption to the NHS done information breaches and delayed and cancelled appointments.

Medical devices are often highly connected wrong hospitals, providing a unafraid web for criminals to pat into. Due to these life-saving devices’ retention of highly delicate data, they make a people for cybercriminals to extort organisations trying to support their hospitals and patients. Thus, aesculapian instrumentality companies’ spending connected cybersecurity volition turn astatine a CAGR of 12.9% from $631.2m to $1.2bn to effort to support their devices from attacks. Cybersecurity threats to accepted aesculapian devices see information breaches, malware, and ransomware attacks. As aesculapian devices germinate and incorporated AI, further cybersecurity concerns emerge. A survey revealed that 61% of respondents acknowledged cybersecurity was already impacting the aesculapian instrumentality industry, successful effect to inquiries regarding the timelines for technological disruptions wrong their sector. The US Food and Drug Administration (FDA) has approved implicit 1,000 AI-enabled aesculapian devices, encompassing technologies specified arsenic AI-enhanced imaging machines and AI-integrated stethoscopes. Subsequently, the FDA has made circumstantial cybersecurity warnings astir these devices passim their merchandise beingness cycle. The circumstantial cybersecurity issues include:

• Data poisoning - Malicious oregon fake information tin beryllium injected to distort exemplary outcomes, affecting areas specified arsenic aesculapian diagnosis.

• Model inversion/stealing - Attackers whitethorn deduce exemplary details oregon replicate them, risking intelligence spot theft and exemplary integrity.

• Model evasion - Inputs tin beryllium manipulated to fool AI models into making incorrect predictions, reducing their trustworthiness.

• Data leakage - Hackers mightiness entree delicate grooming oregon inference information from AI systems.

• Overfitting - Threats tin unit models to overfit by grooming the strategy connected information with outliers and noise, alternatively than typical patterns. This reduces the system’s quality to recognize real-world data, making it little adaptable and much susceptible to errors and adversarial manipulation.

• Model bias - Attackers tin manipulate information to present oregon exploit bias, including embedding circumstantial information patterns to aboriginal change the AI’s behaviour (backdoors) oregon skewing circumstantial data.

• Performance drift - Cyber threats tin origin gradual changes successful data, which tin degrade exemplary show implicit clip and summation susceptibility to attacks.