
Munro adds: “Other connected medtech devices Pen Test Partners have found security issues with include cranial stimulators, dosing pumps, and medical robots, among many others. Fortunately, the smart devices threat has been recognized and regulators are starting to take action.”
For example, the US Food & Drug Administration (FDA) introduced FD&C 524b in 2023 to drive cybersecurity in connected medical devices.
Generative AI
As healthcare staff adopt generative AI, the risk of leaking sensitive information through prompts and documents has grown.
Regulated data, such as patient records and medical information, is especially at risk. It accounts for 89% of all data policy violations occurring in the context of gen AI usage, significantly higher than the cross-industry average of 31%, according to a 2026 study by Netskope.
Moreover, the Netskope report shows that healthcare organizations’ deployment and usage of internal AI tools, which require bespoke security guardrails, is accelerating. The proportion of healthcare workers using gen AI applications managed by their organization jumped from 18% to 67% in 2025, significantly ahead of cross-industry averages (26% to 62%), according to the study.
The need for bespoke security controls for AI systems is illustrated by research from Mindgard showing that the clinical AI tool Doctronic could be compromised to spread conspiracy theories or even manipulate prescription guidance.
