skip to main content


Computing embedded within medical equipment proved to be particularly vulnerable during the WannaCry cyberattack of May 2017. Both medical equipment suppliers and healthcare providers need to contribute to solving this problem.


  • Healthcare providers should make their own plans to protect legacy and new medical equipment, involving security specialists and considering what to do in the event of a breach.

Features and Benefits

  • Identifies key risk factors for embedded technology within critical medical equipment.
  • Assesses key risk factors for contemporary hospitals.

Key questions answered

  • What are the key lessons learned for embedded technology typically found in some hospital equipment?
  • How can healthcare managers work with suppliers to guard against cyberattacks?

Table of contents


  • Catalyst
  • Ovum view
  • Key messages


  • Recommendations for healthcare enterprises
  • Recommendations for vendors

Vulnerabilities of connected medical equipment

  • General vulnerabilities of connected devices
  • Particular vulnerabilities of medical equipment
  • Healthcare providers' specific risks
  • WannaCry's impact on English NHS medical equipment
  • Impact on medical equipment in the US

Perspectives of equipment makers, Microsoft, and security specialists

  • Equipment makers
  • Microsoft
  • Security suppliers


  • Methodology
  • Further reading
  • Author