DHI publishes medical device cyber security market analysis

Digital Health Intelligence has released the latest instalment of its analyses, where Lloyd Price examines the medical device cyber security (MDCS) market.

The report presents a mixed picture of MDCS across the NHS in England. Despite guidance being issued to NHS trusts for the procurement, development, and management of connected medical devices, many trusts struggle with legacy devices and lack resources for effective MDCS programmes.

Many NHS trusts rely on older medical devices that do not have robust cyber security features or receive ongoing security updates, the report explains. In addition, most trusts lack experienced staff and the resources to design and deliver an enhanced MDCS programme.

Available funding

NHS England has not announced any funding specifically for MDCS, however recent 2024/25 NHSE priorities and operational planning guidance state “expectations are for ICBs to have a system-wide plan for maintaining robust cyber security”. The market analysis report adds that it is highly likely ICB funding will be made available to MDCS suppliers.

Example of best practice

Price highlights four examples of MDCS in the NHS, including at Milton Keynes University Hospital NHS Trust. The organisation is protecting itself and its medical devices from cyber attacks by deploying Darktrace’s Self-Learning AI and Autonomous Response technologies. Darktrace’s AI shines a light into hard-to-track places, giving Milton Keynes University Hospital’s security team visibility into its entire dynamic workforce.

South Tees Hospitals NHS Foundation Trust is another example of MDCS success, with the trust implementing Medigate by Claroty, a cyber security platform designed to strengthen the security of medical devices against cyber threats, particularly ransomware attacks.

With the Medigate platform in place and integrated with its new Fortinet solution, South Tees was able to improve its overall security position and gain greater visibility and control over its medical device inventory, the report outlines.

The report also lists the three leading suppliers of MDCS: Cylera, Cynerio and Armis.

Looking ahead

Looking ahead 12 months, NHS trusts and ICBs will focus on providing more training for their staff, increasing best practices and knowledge sharing at a local level, investing in their workforces and updating their risk mitigation plans in anticipation of potential attacks on both connected and medical devices, the report reads.

Price says that overall, NHS trusts in England are moving in the right direction with MDCS, but challenges remain. “Continued efforts are needed to streamline the patching process, address legacy devices, and ensure all hospitals and trusts have the resources to implement effective cyber security measures”, Price said.

“Medical device cyber security will continue to be a priority for NHS trusts and hospitals, with both suppliers and NHS Digital supporting them with specialist knowledge, frameworks and solutions,” the report concludes.

The latest MDCS market analysis report can be downloaded in full here.