A SYSTEMATIC REVIEW OF CYBERSECURITY ATTACKS ON MEDICAL DEVICES

The increasing integration of medical devices with communication networks and digital systems has significantly expanded the attack surface of modern healthcare infrastructures. This scenario, driven by the advancement of the Internet of Medical Things (IoMT), introduces new cybersecurity challenges that can compromise the confidentiality of sensitive data, the integrity of systems, and, most critically, patient safety. In this context, this paper presents a systematic literature review on cyberattacks targeting medical devices, guided by four research questions: (RQ1) What types of cyberattacks have been reported against connected medical devices? (RQ2) What vulnerabilities are most frequently exploited in these devices? (RQ3) Which categories of medical devices exhibit the greatest exposure to cybersecurity risks? (RQ4) What mitigation strategies and countermeasures are proposed in the literature? The review was conducted following the PRISMA protocol, with searches performed across six academic databases (IEEE Xplore, ACM Digital Library, PubMed, Scopus, ScienceDirect, and Web of Science) covering publications from 2008 to 2024. From an initial set of 1,247 records, 58 studies were selected after applying predefined inclusion and exclusion criteria through a three-stage screening process involving title review, abstract analysis, and full-text assessment. The results indicate that the most prevalent vulnerabilities are associated with weak authentication mechanisms, insecure communication protocols, outdated firmware, and the absence of encryption. Infusion pumps emerged as the most exposed device category, with 75% of units presenting known vulnerabilities, followed by nurse call systems (48%) and implantable pacemakers and defibrillators (40%). Remote attacks via wireless communication, hospital network exploitation, and embedded software manipulation appear as the most frequently reported attack vectors. Based on these findings, a three-layer IoMT attack taxonomy is proposed, organized across the perception/sensor, network/communication, and application/system layers, contributing a structured classification framework to the field. Furthermore, the review identifies six key research gaps, including the scarcity of studies conducted in real clinical environments, the insufficient validation of lightweight security solutions for resource-constrained devices, and the absence of standardized penetration testing frameworks for IoMT. The findings underscore the urgent need for adopting security-by-design practices in medical device development, strengthening regulatory policies, and fostering international collaboration to protect digital healthcare infrastructures.