Abstract
INTRODUCTION: The increasing integration of connected medical devices and internet of things (IoT) technologies in healthcare has significantly improved patient care and operational efficiency. However, this rapid digital transformation has also introduced serious cybersecurity vulnerabilities in medical devices, posing risks to patient safety and sensitive health data. Cybersecurity threats can allow unauthorized remote access to devices, cause device malfunctions, and lead to data breaches. As medical devices become more interconnected within healthcare systems, ensuring their security has become a critical priority for regulators, nanufacturers, and healthcare providers. METHODS: This study examines the cybersecurity safety communications issued by the U.S. Food and Drug Administration (FDA), between 2013 and 2025, using a systematic qualitative content analysis approach. The analysis focuses on identifying the frequency of alerts, the severity of vulnerabilities, and the potential risks posed to healthcare infrastructure and patient safety. The study also reviews regualtory actions and policy frameworks introduced by the FDA to address cybersecurity risks in medical devices. RESULTS: The analysis found that the FDA issued 18 safety communications related to cybersecurity breaches in medical devices. Among the reported vulnerabilities, 94% were classified as high-risk, indicating severe potential consequences, including unauthorized remote access to medical devices, possible device malfunctions, and exposure of sensitive patient data. Additionally, the results demonstrate a notable increase in FDA cybersecurity safety communications over time, reflecting the growing severity and prevalence of cybersecurity threats in healthcare technologies. DISCUSSION: The finding emphasize the need for stronger cybersecurity strategies in healthcare. Collaboration among medical device manufacturers, healthcare providers, and regulatory agencies, along with continuous monitoring and regulatory compliance is necessary to protect patient safety and sensitive health data in an increasingly interconnected healthcare environment.