How can medical devices be a cybersecurity risk?

Medical devices within the UK’s National Health Service (NHS) are not updated or patched regularly, making them potential cybersecurity weak points. According to Keith Christie-Smith of cybersecurity firm Claroty, medical devices are often used five times longer than other IT assets, leading to outdated operating systems and associated vulnerabilities. Furthermore, the reluctance of vendors to patch these devices and the lack of regular security updates add to the risk.