Connected medical devices are becoming more deeply embedded in NHS infrastructure as digital transformation expands across care delivery. Technologies such as artificial intelligence, the Internet of Medical Things and digital twins contribute to a more interconnected clinical environment, but that shift is also increasing exposure to cybersecurity risk. Connected medical devices depend on networks, cloud services and broader technical infrastructure, meaning a weakness in one area can spread across others. The result is risk that crosses physical, network and cloud layers and can affect confidentiality, integrity and availability simultaneously. These threats also bring cybersecurity closer to patient safety, particularly where devices support monitoring, treatment or automated decision-making. A stronger policy response is therefore needed to address security across the full connected medical device infrastructure.
Bi-Directional Threats Across the Device Ecosystem
Connected medical devices operate within a wider infrastructure where components interact across multiple layers. Earlier approaches have focused on securing individual mechanisms, but modern cyber-attacks can enter through several points and travel across layers in both directions. An attack may begin in the network layer, extend into the physical layer and then move upwards into cloud systems, or take the reverse path and disrupt clinical operations from above.
Connected diabetes management devices illustrate that structure clearly. Attacks can originate in the physical, network or cloud layer, and a breach in one area can create effects beyond the initially compromised component. A man-in-the-middle attack between a continuous glucose monitor and an insulin pump shows how communications could be intercepted, allowing control over data flows. From there, the attack could interfere with sensors, send false commands or corrupt information transmitted to the cloud, affecting monitoring systems or automated processes.
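The bi-directional propagation described above can be modelled as reachability over a graph of components, which is one simple starting point for a cross-layer assessment. The following is an added example, not taken from the source article; the component names, the links between them and the idea of a "hardened" link that blocks propagation are assumptions made for illustration.

```python
from collections import deque

# Constructed model of a connected diabetes setup (illustrative names only).
LAYER = {
    "cgm_sensor": "physical",
    "insulin_pump": "physical",
    "ble_link": "network",
    "phone_gateway": "network",
    "cloud_api": "cloud",
    "monitoring_dashboard": "cloud",
}

# Data/control links. Compromise is assumed to travel in both directions.
LINKS = [
    ("cgm_sensor", "ble_link"),
    ("ble_link", "insulin_pump"),
    ("ble_link", "phone_gateway"),
    ("phone_gateway", "cloud_api"),
    ("cloud_api", "monitoring_dashboard"),
]

def neighbours(links, hardened=frozenset()):
    """Adjacency map, skipping links assumed to have an effective control."""
    adj = {}
    for a, b in links:
        if (a, b) in hardened or (b, a) in hardened:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def blast_radius(start, links=LINKS, hardened=frozenset()):
    """Breadth-first search from a compromised component: {component: hops}."""
    adj = neighbours(links, hardened)
    seen = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj.get(node, ())):
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    return seen

def layers_affected(start, **kw):
    """Layers touched if `start` is compromised (sorted list of layer names)."""
    return sorted({LAYER[c] for c in blast_radius(start, **kw)})
```

Calling `layers_affected` for each component, with and without candidate controls in `hardened`, shows which single links keep a breach from crossing into another layer.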
Several incidents demonstrate how such risks materialise. The WannaCry ransomware attack in 2017 showed how malware introduced at cloud level could disrupt physical-layer systems across the NHS, leading to cancelled appointments, diverted emergency services and manual workflows. The MedJack ransomware attack moved in the opposite direction, beginning with vulnerable devices and escalating into hospital networks. The 2024 CrowdStrike outage showed how a faulty update in cybersecurity infrastructure could disable imaging platforms, electronic health records and clinical monitoring systems across hospitals.
Risk Factors at the Physical, Network and Cloud Layers
Risk at the physical and network layer depends on device type, deployment setting and connectivity. The physical layer includes devices such as smart insulin pens, inhalers, hearing aids, wearable electrocardiogram monitors, implantable cardioverter defibrillators and connected ultrasound systems. Consequences of exploitation vary by context. A smart infusion pump in an intensive care unit connected to a secured network may present moderate risk, while a device operating offline through removable media in a rural clinic may face greater exposure due to reduced oversight and infrastructure.
Technical variables also shape risk. Low-energy Bluetooth reduces remote attack exposure but remains vulnerable to nearby interference. Wi-Fi and cellular connections expand functionality while increasing exposure to external threats. Weak authentication and unencrypted data transmission affect both. The Medtronic MiniMed insulin pump vulnerability showed how insufficient protection against authentication attacks could allow interception or manipulation of data within wireless range, altering insulin delivery settings.
Device invasiveness further influences risk. Greater physical integration with the patient increases the severity of potential consequences. A smart pill bottle carries limited direct risk, whereas a pacemaker presents significantly higher stakes due to its role in sustaining cardiac function.
At the cloud layer, risk reflects socio-technical conditions rather than technical architecture alone. Cloud services collect, process and route data through application programming interfaces and gateways. Misconfiguration remains a common risk, often exposing weaknesses in authentication and access control. Identity and access management failures, including excessive permissions and inadequate implementation of least privilege, further weaken security. Organisational factors such as skills shortages, outdated practices or complacency can also increase exposure. Cross-domain threats introduce additional risk, particularly where third-party suppliers or shared systems are compromised, as seen in the Synnovis cyberattack affecting hospital and primary care services.
A Regulatory Agenda for the MHRA
Regulatory reform has strengthened oversight of medical devices in the United Kingdom through the Future Regulation of Medical Devices programme, which places emphasis on digital and connected technologies. Phase 1, implemented in June 2025, strengthens post-market surveillance through closer monitoring of performance, reliability and cybersecurity. Phase 2, which began in 2024, focuses on pre-market requirements and aims to improve how devices are assessed, classified and approved before reaching patients.
Current standards primarily assess risk within individual layers and do not address cascading or bi-directional threats across interconnected components. A more robust approach would require manufacturers to submit cross-layer security risk assessments as part of the approval process, examining how vulnerabilities interact across physical, network and cloud layers and how a breach in one layer could affect another.
Security also needs to be embedded from the outset. Mandatory Secure Product Development Frameworks for new connected medical devices would integrate cybersecurity throughout the product lifecycle. Software Bills of Materials would support this by providing visibility into software components and dependencies, improving supply chain transparency. Governance remains a gap. Current regulation does not clearly define responsibility for patching, access control, recovery or vulnerability management once devices are deployed. A formal framework linking manufacturer obligations with NHS operational responsibilities would support a more coherent approach to cybersecurity.
Connected medical devices are expanding digital care capabilities across the NHS while introducing a more complex cyber-physical risk environment. Threats can move across physical, network and cloud layers through attack, failure or misconfiguration, making fragmented oversight insufficient. A regulatory approach based on cross-layer risk assessment, secure-by-design development and clear accountability would better reflect how these systems operate. Aligning cybersecurity with patient safety within a unified framework would provide a stronger basis for managing risks as connected care continues to evolve.
Source: npj Digital Medicine