Cybersecurity spending in medical device sector will reach $1.2 billion by 2025 driven by escalating health data breaches, says GlobalData

Spending on cybersecurity in the medical device sector will grow from $869 million in 2020 to $1.2 billion in 2025 at a compound annual growth rate (CAGR) of 7.3%, according to GlobalData.

The leading data and analytics company’s latest report, ‘Cybersecurity in Healthcare – Thematic Research’ reveals that increased data access means there are more opportunities for security vulnerabilities in the medical device sector.

Ashley Clarke, Medical Analyst at GlobalData, comments: “The healthcare, pharma, and medical device sectors are particularly susceptible to cyberattacks. Medical history cannot be changed, unlike identification and credit card information, making it invaluable to hackers and resulting in high costs for healthcare data breaches.”

Medical devices have become increasingly connected as remote medicine soared during the COVID-19 pandemic. Many companies now struggle to accommodate provider, patient, and third-party access to sensitive patient information while ensuring security.

Clarke comments: “Hackers can use healthcare information to create fake insurance claims, buy and sell medical equipment, or acquire illegal prescription medications. They can also target victims with fraudulent schemes related to their medical history, which are more believable than financial or legal scams due to the intimate nature of health information.”

According to reports of breaches affecting 500 individuals or more by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights, over 41 million individuals in the US were affected by healthcare data breaches in 2021. Cases affecting more than 22.5 million individuals in the US are currently under investigation this year, which is a 4.6% increase compared to the same time last year.

Clarke continues: “Devices like insulin pumps, heart pacemakers, inhalers, and wearables track patient data in real-time and even transmit to the user’s phone, making the data immediately accessible to both the patient and their doctor. However, this increased data access has made the medical device sector more vulnerable. This change in technology means that medical device companies and their business associates are now responsible for increasingly large amounts of sensitive electronic patient data and have been prey to significant data breaches in recent years.”

Without securing all components of the cybersecurity value chain, medical device companies will remain a primary target for hackers.

Clarke adds: “It’s crucial for companies to invest in a variety of technologies such as chip-based security, network security, and cloud security, at every stage of the product development to ensure patient information is safeguarded. Older legacy devices may be unable to receive security patches, but new devices should have a security update plan in place for their entire device lifecycle.”

Media Enquiries

If you are a member of the press or media and require any further information, please get in touch, as we're very happy to help.

DECODED Your daily industry news round-up

This site is registered on as a development site.