Healthcare AI medical devices outpacing security controls, survey finds
Healthcare organisations are deploying AI-enabled medical devices faster than they can secure them, according to research from RunSafe Security based on a survey of more than 550 healthcare decision-makers across the US, UK and Germany.
The 2026 Medical Device Cybersecurity Index reveals a widening gap between adoption rates and the ability to manage new threats. These include model manipulation, adversarial inputs and data integrity issues - risks that extend beyond traditional software vulnerabilities.
Some organisations are already using AI-enabled devices while acknowledging they do not fully understand or control the associated risks. This pattern mirrors earlier waves of cloud and connected-device adoption, when implementation outpaced governance and procurement standards.
AI adds layers existing frameworks can't handle
AI in medical devices creates additional failure points because the software depends on training data, model behaviour and input quality alongside conventional code. Security teams must now assess not only whether a device contains known software defects, but also whether it can be manipulated through corrupted data, misleading inputs or altered model outputs.
Existing healthcare security frameworks were not designed for these scenarios. Most were built around patch management, asset inventories and network defence for traditional IT systems, then adapted for connected medical equipment. AI introduces another layer that is harder to test and monitor using established methods.
Security and procurement teams face mounting pressure. Hospitals are beginning to include AI risk in purchasing processes, but standard evaluation methods remain underdeveloped. Teams are balancing demand for new tools against limited guidance on how to compare products or define acceptable risk.
Legacy infrastructure compounds the problem
Many healthcare environments still rely on legacy equipment that cannot be patched easily or at all due to regulatory, operational or vendor constraints. When new AI functions are layered onto those systems, risk spreads across connected workflows.
Devices in hospitals rarely operate in isolation. Imaging systems, patient monitors, infusion equipment and other connected tools sit within broader clinical networks, exchange data with electronic records and support time-sensitive decisions. A weakness in one part of that chain can affect multiple devices.
RunSafe's findings suggest defensive approaches are beginning to shift. Runtime protection and continuous monitoring are gaining attention as ways to secure systems that are difficult to patch or face threats evolving faster than legacy controls can manage.
Governance lags behind deployment
The research points to a recurring pattern: healthcare is adopting major technology layers before governance has fully formed around them. Cloud services and internet-connected medical devices followed the same trajectory, with security teams forced to retrofit policy frameworks after deployment had already begun.
AI is following a similar path. The timing challenge is acute in healthcare, where procurement cycles, clinical validation, cybersecurity oversight and regulatory compliance all intersect. A device may promise diagnostic or workflow gains, but security questions extend far beyond code updates.
Buyers must now understand how models are trained, how outputs are validated and how anomalies are detected once systems are in use. This responsibility often falls to security teams that lack clear frameworks for AI risk assessment.
The research also identifies an organisational gap. It remains unclear who owns AI risk review - IT security, biomedical engineering, procurement leaders, clinical safety teams or some combination. This ambiguity can delay or derail proper oversight.
New defences emerging
As AI-assisted functions become more common in medical devices, healthcare organisations face a dual challenge: managing software exposure in ageing infrastructure while addressing model trust, data integrity and operational resilience.
Runtime protection and continuous monitoring are emerging as practical responses where traditional patching falls short. These approaches may help organisations detect and respond to threats faster than legacy controls allow, particularly in environments where updates are difficult to deploy.
For professionals managing healthcare IT and security, the findings suggest that procurement and governance decisions made now will determine how well organisations can manage AI-related risks as adoption accelerates.
Learn more about AI for Healthcare and AI for Cybersecurity Analysts to build expertise in these emerging risk areas.
Your membership also unlocks:
