After decades of accepting cybersecurity as someone else’s problem, healthcare buyers have reached a turning point. Where cost and functionality once dominated purchasing decisions, cybersecurity requirements now serve as mandatory gatekeepers that can eliminate vendors from consideration entirely.

Recent regulatory actions underscore this shift. In early 2025, the FDA and CISA issued warnings about critical cybersecurity flaws in Contec and Epsimed patient monitors — weaknesses that threatened both device integrity and patient safety. The monitors were found to contain a hidden firmware backdoor, allowing unauthorized remote access and potential manipulation of patient data. While no injuries were reported, the message from regulators was clear: medical devices without secure-by-design

See Full Page