{"id":198845,"date":"2026-03-24T15:48:00","date_gmt":"2026-03-24T19:48:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/24\/ai-and-medical-device-cybersecurity-the-good-and-bad\/"},"modified":"2026-03-24T15:55:15","modified_gmt":"2026-03-24T19:55:15","slug":"ai-and-medical-device-cybersecurity-the-good-and-bad","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/24\/ai-and-medical-device-cybersecurity-the-good-and-bad\/","title":{"rendered":"AI and Medical Device Cybersecurity: The Good and Bad"},"content":{"rendered":"

AI and Medical Device Cybersecurity: The Good and Bad<\/a><\/p>\n

https:\/\/www.govinfosecurity.com\/ai-medical-device-cybersecurity-good-bad-a-31140<\/a><\/p>\n

Publish Date: 2026-03-24 15:48:00<\/a><\/p>\n

Source Domain: www.govinfosecurity.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Artificial Intelligence & Machine Learning
\n ,
\n Endpoint Security
\n ,
\n Healthcare<\/p>\n

Is AI Exposing a Growing Vulnerability Risk Mitigation Gap?<\/p>\n

Marianne Kolbasuk McGee (HealthInfoSec) \u2022
\n March 24, 2026 \u00a0 \u00a0 <\/p>\n

Artificial intelligence tools can find more medical device vulnerabilities faster, but not necessarily help much yet in safely prioritizing and addressing the flaws. (Image: Getty Images) <\/p>\n

Artificial intelligence-fueled tools are poised to identify medical device vulnerabilities at a much faster pace and higher volume than traditional tools. But can device manufacturers and healthcare delivery organizations keep up with prioritizing and addressing a tidal wave of newly unearthed flaws?See Also: Reduce Cloud Risk in Healthcare with Security by Default
\nTools powered by large language models could soon ramp vulnerability discovery for device manufacturers but for now, they’re unable to supply the context healthcare clinics and manufacturers need.
\n“As the volume of discovery goes up, the management problem becomes bigger. And what we’re seeing right now is there is going to be an absolute avalanche of vulnerabilities coming out,” said Jason Sinchak, CEO and co-founder of medical device cybersecurity firm Elton.
\n Sinchak said tools powered by AI and automation are already capable of identifying security flaws at a speed and scale that traditional methods cannot match. What once required weeks of effort can now be completed in a fraction of the time, with even greater output.
\n“With AI, we have discovered that it’s possible to do autonomous penetration testing, combined with autonomous vulnerability scanning and code scanning, and effectively drop an agent on some of these targets, and the results are mostly staggering,” Sinchak said.
\n“There are hundreds of true positive results, in a matter of hours \u2026 days at most.” The volume of known medical device vulnerabilities went up by 40% in 2025, “and we would expect that to continue and probably increase,” he said.
\nFor manufacturers, that creates a growing backlog of issues that must be assessed, prioritized and, in some cases, remediated – often with workflows that were never designed to operate at this scale.
\nDespite the productivity gains AI can bring to identifying medical device vulnerabilities, the tools have limitations when it comes to manufacturers using AI to make decisions about what’s critical to fix and what’s not in highly regulated medical devices, he said.
\nThat’s because while AI-enabled tools can help identify vulnerabilities in medical devices “in the “front and back end – you can’t use it in the middle for decision-making from a regulatory perspective,” Sinchak said.
\n“The FDA doesn’t let you use AI to make vulnerability decisions, per se. Because it has to be defensible, right? It has to be explainable why this decision was made, fully traceable from a regulatory perspective,” he said referring to the U.S. Food and Drug Administration.
\nDavid Brumley, chief AI and science officer at security firm Bugcrowd, said that the flip side of vulnerability discovery – AI-aided management and remediation – is at best at the research stage.
\n“We don’t have real production systems that are doing this,” he said.
\nVulnerability remediation for the hundreds, if not tens of thousands of medical devices in any one clinic, hospital, medical center or integrated healthcare system is an immense challenge.
\nThere’s rarely a convenient or perfectly safe time to apply a patch or other remedies to life sustaining equipment, whether it be patient monitoring systems, infusions pumps, anesthesia machines, medical imaging gear, or any of the countless other devices – big and small – in a clinical environment.
\nScheduling is the least of the problems. Any new patch or modification could have serious impact on the components and software of other critical medical gear in terms of interoperability, function and access. Right now, production AI tools are not addressing these issues for healthcare delivery organizations, but certain developments underway could help, other experts said.
\nAs manufacturers become more comfortable in sharing software bills of materials – a requirement that went into effect in 2023 as part of the FDA premarket submission review process – and hospitals and healthcare systems will have a much better view into components in their medical devices, that could aid in the highly complicated work involved with identifying a potential issue and addressing it, said Phil Englert.
\nWith the SBOM information, hospitals “can then scan their asset and sub-asset management systems and identify which devices may have this component,” said Englert, vice president of medical device security at the Health Information Sharing and Analysis Center.
\nWhen pairing medical device SBOMs with evolving AI enabled tools, the management of medical devices, including addressing vulnerabilities, will also become easier, he predicted.
\n“The more consistent and high-quality SBOMs we get, the more effective we will be in managing and maintaining the resilience of our medical device infrastructure.”
\nBut in the meantime, as healthcare sector stakeholders increasingly rely on AI-enabled tools to help address medical device vulnerability and related issues, those same tools can be dangerous weapons in the hands of threat actors.
\n“It’s very accessible for someone of relatively low skills to be able to use these tools and to find these kinds of vulnerabilities,” Sinchak said.
\nThis means vulnerability discovery is no longer limited to elite researchers and medical device developers. A much broader pool of actors can now identify exploitable flaws, he said.
\nBrumley said that even unsophisticated or unintended actions by potential threat actors using AI can be dangerous. “I worry quite a bit about attackers making mistakes,” he said. Things like infusion pumps or machines delivering a dose of radiation – “we really want to make sure those are secure, because any miscalculation could be fatal.”<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

AI and Medical Device Cybersecurity: The Good and Bad https:\/\/www.govinfosecurity.com\/ai-medical-device-cybersecurity-good-bad-a-31140 Publish Date: 2026-03-24 15:48:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":198846,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/ismg-cdn.nyc3.cdn.digitaloceanspaces.com\/articles\/ai-medical-device-cybersecurity-good-bad-image_large-6-a-31140.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,27],"class_list":["post-198845","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/198845"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=198845"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/198845\/revisions"}],"predecessor-version":[{"id":198847,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/198845\/revisions\/198847"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/198846"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=198845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=198845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=198845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}