Why This Matters Now: The Escalating Threat Landscape
Introduction to Medical Device Cybersecurity
Cybersecurity matters now because attacks on healthcare have moved from theory to routine. Ransomware has shut down hospital systems, forced patient diversions, and been linked to at least one death, while vulnerability disclosures like URGENT/11 and SweynTooth exposed millions of devices at once. Both the frequency and the severity keep climbing.
1.3.1 Real Incidents That Changed Everything
The healthcare industry has learned hard lessons from major cybersecurity incidents. According to the FDA's 2023 guidance, several high-profile attacks have demonstrated the real-world impact of medical device vulnerabilities.
The WannaCry Wake-Up Call (2017)
The WannaCry ransomware attack serves as a stark example of how cybersecurity threats can impact healthcare globally. As noted in the FDA guidance, this attack "affected hospital systems and medical devices across the globe." Here's what happened:
- Hospital systems in over 150 countries were affected
- Medical devices became inoperable, forcing cancellation of procedures
- Emergency rooms had to divert patients to other facilities
- Some hospitals reverted to paper records for days
The UK's National Health Service took some of the worst damage. The National Audit Office found the attack disrupted at least 81 of England's 236 hospital trusts and led to around 19,000 cancelled appointments and operations (National Audit Office investigation).
The attack didn't specifically target medical devices - it exploited a Windows vulnerability. But because so many medical devices run on Windows, they were caught in the crossfire.
The German Hospital Tragedy (2020)
The FDA guidance also references a particularly sobering incident: "In 2020, a ransomware attack on a German hospital highlighted the potential impacts due to delayed patient care when a cybersecurity attack forced patients to be diverted to another hospital."
This case marked a turning point because:
- A patient died after being diverted to a more distant hospital
- It was the first documented death linked to a cyberattack on healthcare
- It showed that cybersecurity failures can have fatal consequences
1.3.2 The Vulnerability Epidemic
Beyond major attacks, the discovery of widespread vulnerabilities has shown how exposed medical devices can be:
URGENT/11 Vulnerabilities
The FDA guidance specifically mentions URGENT/11, a set of vulnerabilities that affected:
- Devices using real-time operating systems
- Equipment from multiple manufacturers
- Both medical and non-medical devices on hospital networks
SweynTooth Vulnerabilities
Similarly, SweynTooth vulnerabilities, mentioned in the FDA guidance, affected:
- Devices using Bluetooth Low Energy (BLE)
- Wireless medical devices like glucose monitors and insulin pumps
- Potentially millions of devices worldwide
1.3.3 The Increasing Frequency and Severity
The FDA's 2025 guidance states clearly: "Cybersecurity threats to the healthcare sector have become more frequent and more severe, carrying increased potential for clinical impact."
This trend is driven by several factors:
- More Connected Devices: Hospitals are adding connected devices rapidly
- Sophisticated Attackers: Criminal groups now have nation-state-level capabilities
- Financial Motivation: Healthcare data is valuable on the black market
- Ransomware Evolution: Attacks now threaten to leak patient data if ransoms aren't paid
- Supply Chain Vulnerabilities: One vulnerable component can affect thousands of devices
The numbers bear this out. The FBI's Internet Crime Complaint Center has reported that healthcare and public health files more ransomware complaints than any other critical infrastructure sector it tracks (FBI IC3).