How can medical devices be a cybersecurity risk?

Medical devices are often connected to hospital networks, but rarely updated, which can make them a weak point for cybersecurity in hospitals. This is an especially pressing issue in the UK, where the NHS operates through an interconnected IT system. Most medical devices are used for around five times the lifespan of standard IT assets, and are run on outdated operating systems with many associated vulnerabilities. These devices are usually patched by vendors at a cost, leading to unpatched devices due to budget constraints.