January 20, 2026

Top 9 Frequently Hacker Targeted IoMT Device Types

Top 9 Frequently Hacker Targeted IoMT Device Types (Historical Overview)

1. Medical Imaging Systems (MRI, CT, X-Ray & Ultrasound)

Network-connected imaging devices are among the most frequently targeted IoMT assets due to their broad attack surface and critical role in care delivery. These systems often run legacy operating systems and connect to hospital networks to transmit large image files (via protocols like DICOM), making them attractive backdoors for attackers[1][2]. A successful attack on imaging equipment can disrupt diagnostics and emergency triage – for instance, the 2017 WannaCry ransomware outbreak affected radiology departments in the UK, crippling MRI and CT scanners[1]. Recent research confirms that imaging devices consistently harbor known exploited vulnerabilities: a 2025 analysis of 195,000 imaging machines found 28% contained known exploited vulnerabilities, and 99% of healthcare organizations had at least one vulnerable imaging system[2]. Attackers frequently target these devices with ransomware (8% of imaging devices in one study had ransomware-linked flaws) because disabling imaging forces hospitals into costly downtime or patient diversion[3]. Insecure configurations (e.g. open ports, default passwords) further heighten the risk, positioning imaging systems as a top target year after year for both data theft and operational sabotage.

2. Infusion Pumps (Smart IV and Drug Delivery Pumps)

Internet-enabled infusion pumps are ubiquitous in healthcare and have long been a prime cyber target. These devices deliver critical medications (painkillers, insulin, chemotherapy, etc.) and often feature wireless connectivity for central monitoring – a convenience that introduces security gaps[4]. Studies suggest as many as 75% of infusion pumps carry known security vulnerabilities exploitable by hackers[5]. Weak network protections and default credentials have enabled attackers (or researchers) to remotely manipulate pump settings. Notably, in 2015 the FDA took the unprecedented step of urging hospitals to stop using a popular Hospira Symbiq infusion pump after a vulnerability was found that allowed unauthorized remote control of the pump, potentially changing medication dosages delivered to patients[6][7]. Such a breach could lead to dangerous over- or under-infusion of drugs[8]. Similar flaws have been reported across multiple manufacturers – for example, DHS advisories in 2019 flagged security issues in BD infusion pump models[9]. The high volume of these pumps in hospitals, combined with often outdated firmware and lack of encryption, makes them a consistent target for cyberattacks aiming to disrupt therapy or even harm patients.

3. Implantable Cardiac Devices (Pacemakers & Defibrillators)

Implantable cardiac devices like pacemakers and ICDs have been under the cybersecurity microscope for over a decade due to their life-critical function. These devices communicate wirelessly with external programmers or home monitoring units, and historically their communications lacked robust security. In 2017, the FDA revealed a serious vulnerability in a family of pacemakers that could be exploited via its transmitter unit – attackers could alter the device’s settings, rapidly deplete the battery, or even deliver unintended shocks[10][11]. This led to a major firmware patch recall to mitigate the risk. Similarly, researchers in 2018 found Medtronic pacemakers with severe flaws allowing remote takeover of the device’s radio communications[12]. Although fortunately no known malicious attack on a pacemaker has been reported in the wild[13], the potential consequences (e.g. stopping a heart or inducing arrhythmia) make these implants high-value targets for cyber mercenaries and nation-states in theory. Past incidents have spurred manufacturers to harden device security (e.g. disabling remote features – famously, Vice President Dick Cheney had the wireless feature on his defibrillator disabled as a precaution[14]). Nonetheless, legacy cardiac implants remain susceptible to attacks on their telemetry units or programmers, keeping them on the list of top IoMT devices of concern.

4. Insulin Pumps & Diabetes Management Devices

Wearable or implantable insulin pumps and continuous glucose monitors (CGMs) are another frequently targeted IoMT category, given their widespread use by diabetic patients and the direct harm that could result from manipulation. Many insulin pumps use wireless links (to glucose sensors or smartphone apps), and earlier models often lacked authentication or encryption. This has led to eye-opening demonstrations by security researchers: in 2011–2012, McAfee researcher Barnaby Jack showed he could hack an insulin pump from up to 300 feet away and force it to dispense its entire 300-unit reservoir of insulin, a dose that could be lethal[15][16]. In 2019, the FDA issued a warning and Class I recall for certain Medtronic insulin pumps due to vulnerabilities that could allow hackers to interfere with insulin delivery or alter pump settings[17]. These incidents highlight common weaknesses like insecure radio communication protocols and hard-coded device IDs. Attackers could exploit such flaws to cause hypoglycemic overdoses or simply extort device manufacturers. While modern pumps are improving security (e.g. encryption, pairing requirements), the large installed base of older insulin pumps and glucose monitors keeps this category in attackers’ sights. Even short of harming patients, compromising a diabetes device can expose sensitive health data or serve as a foothold into home healthcare networks.

5. Patient Monitoring Systems (ECG/EKG, Vital Sign & Fetal Monitors)

Connected patient monitors – both in clinical settings and at home – have consistently been found vulnerable, making them frequent targets for cyber intrusions. Hospital bedside monitors (for heart rate, blood pressure, oxygen saturation, etc.) often run on aging platforms and connect to central stations or EHR systems, creating multiple attack vectors. For example, Forescout researchers recently identified that certain networked electrocardiograph machines contained default administrative passwords, a glaring weakness allowing easy unauthorized access[18]. (In fact, Forescout noted that Philips PageWriter ECG devices were among the top three most vulnerable IoMT devices in one survey due to such default account issues[18].) In the consumer realm, internet-enabled baby and fetal monitors have been hijacked by hackers – underscoring the risks in similar medical monitors. In one 2018 case, an attacker breached a baby heart monitor and then leveraged that compromised device to access other smart devices on the same network[19]. This “pivot” attack was possible because the monitor lacked basic authentication and encryption. Generally, patient monitors are targeted not to directly harm patients (though false readings could delay care), but rather to exfiltrate physiological data or open a backdoor into hospital systems. Their prevalence and oftentimes poor security hygiene (e.g. outdated software, open ports) ensure these devices remain a staple on the list of vulnerable IoMT targets.

6. Wearable Health Devices (Fitness & Medical Wearables)

Wearable health tech – from fitness trackers and smartwatches to clinical-grade wearables like ECG patches – has exploded in use, and attackers have taken notice. These devices continuously collect sensitive health data (heart rate, activity, sleep, etc.) and sync with mobile apps or cloud services, but they often prioritize convenience over security. If data transmissions are not adequately encrypted, hackers can intercept personal health information in transit[20]. Criminals are attracted to wearables both for the data value (personal health info can be sold or used for identity theft) and as a means to infiltrate larger networks. For instance, a compromised smartwatch or health band paired to a hospital-issued phone could serve as a stepping stone into an enterprise network. There have even been warnings about attackers potentially using hacked wearables to blackmail or extort victims – for example, by obtaining private health metrics or inferring conditions[21]. The risk to patient safety is generally lower with wearables than with implanted devices (a hacked fitness tracker can’t directly injure someone). However, the privacy implications are significant, and large-scale breaches have occurred via wearable ecosystems (e.g. exposure of millions of fitness app user records). Because wearables are so common and often lack strong built-in security or regular patching, they remain a frequently targeted IoMT segment for data-focused attacks.

7. Remote Patient Monitoring Tools (Telehealth Devices)

The rise of telehealth has brought a surge of in-home medical IoT devices – such as wireless blood pressure cuffs, glucometers, pulse oximeters, and telemedicine kits – which are frequently targeted as weak links in healthcare cybersecurity. These remote patient monitoring (RPM) tools collect and transmit a wealth of medical data to providers, often via home Wi-Fi or cellular connections. If the data storage or transmission channels are insecure, attackers can breach them to steal sensitive health information[22]. In fact, an industry study found that 88% of healthcare organizations experienced at least one data breach in the past two years due to a vulnerability in a connected device[23], highlighting how RPM devices can open the door. Beyond privacy concerns, compromised remote monitors could feed false readings to clinicians (for example, spoofing a normal blood pressure when the patient is in hypertensive crisis), directly impacting care decisions. Many of these gadgets lack robust authentication and may use default login credentials, meaning a hacker who finds an internet-exposed device can often access it with minimal effort. Attackers also exploit the reality that patients’ home networks are typically less secure than hospital networks. By targeting a home health monitor, a cybercriminal might gain a foothold to pivot into hospital systems during data synchronization. Given their rapid proliferation and historically weak protections, telehealth monitoring devices have become a consistent target in the IoMT threat landscape, necessitating improved security standards and user education.

8. Surgical Robots and Telesurgery Systems

Advanced surgical devices – including robotic surgery assistants and teleoperated surgical robots – represent an emerging yet already tested target for cyberattacks. Over the past decade, researchers have repeatedly shown that these systems, which rely on software and networked communication, can be hijacked or disrupted if not properly secured. In one University of Washington experiment, engineers successfully hacked a Raven II tele-surgery robot, demonstrating attacks ranging from denial-of-service (making the robot freeze or jerk mid-procedure) to intercepting and altering surgeon commands in real time[24]. In fact, with a single malicious network packet, the researchers were able to trigger an emergency stop in the robot, completely disabling it[25][26]. While current FDA-approved surgical robots (like the da Vinci system) are usually used on secured local networks, the trend toward remote and internet-based surgery heightens concern. A compromised surgical robot could lead to dire outcomes – an attacker might erratically move instruments or shut down a surgery in progress. Moreover, these platforms often run on standard operating systems that may not be patched frequently due to certification constraints. The combination of high complexity, software reliance, and life-and-death stakes makes surgical systems a high-profile target (even if mainly in theoretical or lab-based attacks so far). The historical pattern of these devices being probed for weaknesses suggests that as telesurgery expands, so will malicious attempts to exploit them, unless significant security measures are put in place proactively[27][28].

9. Life-Support Equipment (Ventilators and Anesthesia Machines)

Critical life-sustaining medical devices such as mechanical ventilators and anesthesia delivery systems have shown persistent cybersecurity weaknesses, which attackers could exploit with potentially fatal consequences. These devices are increasingly network-connected for remote monitoring and updates, but many were not designed with hostile actors in mind. In 2019, a DHS ICS-CERT advisory revealed a vulnerability in GE Healthcare’s widely used Aestiva and Aespire anesthesia machines that an attacker on the hospital network could abuse to silence alarms and alter the composition of gases delivered to a patient[29]. Such manipulation could knock a patient unconscious or deprive them of oxygen without the clinician’s knowledge. Around the same time, the FDA warned of insecure configurations in certain ventilators that might allow unauthorized changes to ventilation settings, leading to improper patient support. In late 2024, multiple new flaws were disclosed in Baxter’s Life2000 ventilator system – including hard-coded credentials and unencrypted channels – prompting a high-severity alert and eventual product recall due to the risk of hacking impairing respiratory therapy (e.g. shutting off the device or stealing patient data). Thankfully, reported cyber incidents directly harming patients via life-support gear are virtually nonexistent to date. However, the known vulnerabilities and theoretical attack demonstrations keep ventilators and anesthesia units on the radar. Attackers could target them to intimidate hospitals (e.g. via ransomware: “pay or we’ll disable all ventilators”) or as part of a broader sabotage. Because these devices are so critical, regulators now push manufacturers to provide rapid patching capabilities and better safeguards – but older models in use ensure this category remains one of the most sensitive targets in healthcare cybersecurity[17][30].

Sources

  1. Claroty “State of CPS Security: Healthcare Exposures 2025” – analysis of IoMT device vulnerabilities[2][3]
  2. HIPAA Journal – 99% of Healthcare Orgs Managing IoMT Devices with Known Exploited Vulnerabilities, Mar 27, 2025[2][3]
  3. GlobalSign – 6 Medical Devices Hackers Like to Target and Why, Jan 12, 2023[1][12]
  4. IoTForAll – IoT Devices Are a Leading Vulnerability in Healthcare Data Breaches, Dec 2, 2024[5][22]
  5. Reuters – FDA warns of security flaw in Hospira infusion pumps, Jul 31, 2015[6][7]
  6. Microsoft TechCommunity – Top 5 Healthcare IoT Vulnerabilities, Dec 18, 2023[10][11]
  7. MedTech Dive – Feds warn of cyber vulnerability in hospital anesthesia machines, Jul 9, 2019[29][17]
  8. ABC News – Can Your Insulin Pump Be Hacked?, Apr 10, 2012[15][16]
  9. University of Washington News – Researchers hack teleoperated surgical robot (UW BioRobotics Lab), May 7, 2015[25][26]
  10. CSO Online – Another baby monitor camera hacked, 2018 (cited in Microsoft TechCommunity)[19]

[1] [4] [12] [13] [14] [21] 6 Medical Devices Hackers Like to Target and Why - GlobalSign

https://www.globalsign.com/en/blog/medical-devices-hackers-target

[2] [3] Claroty reports alarming IoMT, OT device risks as critical vulnerabilities found in 99% of healthcare networks - Industrial Cyber

https://industrialcyber.co/reports/claroty-reports-alarming-iomt-ot-device-risks-as-critical-vulnerabilities-found-in-99-of-healthcare-networks/

[5] [20] [22] [23] IoT Devices Are a Leading Vulnerability in Healthcare Data Breaches | IoT For All

https://www.iotforall.com/iot-devices-vulnerability-healthcare-data-breaches

[6] [7] [8] FDA warns of security flaw in Hospira infusion pumps | Reuters

https://www.reuters.com/article/technology/fda-warns-of-security-flaw-in-hospira-infusion-pumps-idUSKCN0Q52GJ/

[9] [17] [29] [30] Feds warn of cyber vulnerability in hospital anesthesia machines | MedTech Dive

https://www.medtechdive.com/news/feds-warn-of-cyber-vulnerability-in-hospital-anesthesia-machines/558349/

[10] [11] [19] The Top 5 Healthcare Internet of Things (IoT) Vulnerabilities

https://techcommunity.microsoft.com/blog/healthcareandlifesciencesblog/the-top-5-healthcare-internet-of-things-iot-vulnerabilities/4012366

[15] [16] Can Your Insulin Pump Be Hacked? - ABC News

http://abcnews.go.com/blogs/health/2012/04/10/can-your-insulin-pump-be-hacked

[18] Forescout Research reveals 162 vulnerabilities in connected medical devices, elevating risks to patient data and safety - Industrial Cyber

https://industrialcyber.co/medical/forescout-research-reveals-162-vulnerabilities-in-connected-medical-devices-elevating-risks-to-patient-data-and-safety/

[24] We Tried to Operate a Surgical Robot While It Was Being Hacked

https://www.vice.com/en/article/surgery-robot-hacked-raven-ii/

[25] [26] [27] [28] UW researchers hack a teleoperated surgical robot to reveal security flaws – UW News

https://www.washington.edu/news/2015/05/07/uw-researchers-hack-a-teleoperated-surgical-robot-to-reveal-security-flaws/

