Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO
Published December 2025 · Last reviewed May 2026
The Med Device Cyber Podcast · December 30, 2025 This episode of The Med Device Cyber Podcast delves into the critical and increasingly urgent issue of medical device cyber failures, exploring instances where vulnerabilities have led to direct patient harm, including fatalities. Hosts Trevor Slatterie and Christian Espinosa discuss pivotal historical events such as the 2017 WannaCry ransomware attack, which served as a catalyst for modern cybersecurity requirements in healthcare. The discussion highlights the severe downstream effects of ransomware on healthcare delivery organizations, ranging from operational shutdowns to an inability to provide critical patient care, citing evidence that directly links cyberattacks to patient deaths, notably in the NHS blood centers incident in the UK. Beyond ransomware, the episode unpacks targeted attacks, referencing the theorized and later proven vulnerabilities in implantable devices like pacemakers and defibrillators, drawing parallels to incidents involving Dick Cheney and Medtronic devices. The hosts also touch upon the dangers of software errors, such as the Therac-25 recall, and the emerging challenges of AI in therapy, where a lack of guardrails can lead to catastrophic safety concerns. The conversation underscores the FDA's heightened scrutiny and the industry's shift towards proactive cybersecurity measures, emphasizing that while compliance can be challenging, it is essential for ensuring patient safety and device quality.
Key Takeaways
- The 2017 WannaCry ransomware attack was a significant catalyst for the implementation of modern cybersecurity requirements in medical devices and healthcare delivery organizations.
- Cyberattacks, particularly ransomware, can have severe downstream effects on healthcare operations, directly leading to patient harm, an inability to provide critical treatment, and even death.
- Targeted attacks on implantable medical devices, such as pacemakers and defibrillators, have been proven possible and pose a serious risk, necessitating robust security measures for device integrity and patient safety.
- The integration of AI in medical devices and therapy requires stringent guardrails and validation to prevent harmful outputs and ensure patient safety, as demonstrated by incidents of AI encouraging suicidal ideation.
- Regulatory bodies like the FDA are increasingly enforcing cybersecurity due diligence for medical device manufacturers, shifting the industry towards proactive security postures to minimize risks to patients.
- Cybersecurity in medical devices, while often perceived as a 'necessary evil,' is fundamentally about ensuring patient safety, preventing risks ranging from widespread ransomware to targeted individual harm, and guaranteeing the quality and effectiveness of healthcare technology.
Listen on mdcpodcast.com · Watch on YouTube
Listen to this episode
Want help applying this to your own device program?
Blue Goat Cyber is a specialist medical device cybersecurity firm: 250+ FDA submissions, zero rejections. If anything in this conversation hit close to home, book a 30-minute strategy session - no cost, no obligation.