HTM leaders on the front lines of cyber-risk

TRIMEDX Vice President of Cybersecurity Dennis Fridrich was recently interviewed for a DOTmed HealthCareBusiness News feature covering the highlights of his AAMI eXchange presentation where he emphasized that HTM leaders must take proactive, collaborative action to secure medical devices as cyberthreats surge, visibility gaps persist, and ransomware costs skyrocket. The full article, as it appeared July 8, 2025, is below.

By Keri Forsythe-Stephens

Gone are the days of sitting on the sidelines, according to Dennis Fridrich, vice president of cybersecurity at TRIMEDX. With cyber threats escalating and medical devices growing more vulnerable every day, Fridrich didn’t mince words at last week’s AAMI eXchange in New Orleans. During his session, "Cybersecurity Principles Modern HTM Leaders Need to Master for Success", he urged healthcare technology management (HTM) leaders to take a proactive role in securing healthcare systems.

The numbers, he said, speak for themselves. More than half of medical devices contain critical vulnerabilities, and most remain unpatched. Ransomware attacks against healthcare surged 128% last year. Meanwhile, 700,000 cybersecurity positions remain unfilled, and ransomware losses now average between $15 million and $100 million.

Suffice it to say, the situation has never been more dire.

Visibility is step one

Visibility isn’t a luxury; it’s the backbone of any cybersecurity program, Fridrich emphasized. He pointed to the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a trusted guide. Yet many hospitals still miss a crucial step: aligning device inventories with network endpoints. That’s a major problem, especially when 70% of attacks originate there. Without the right tools, medical devices blur into the sea of phones and connected systems on hospital networks.

The solution? Accurate inventory mapping and a robust risk management platform.

Fridrich recommends starting with the computerized maintenance management system (CMMS). Look for fields capturing MAC addresses, IPs, operating systems, and installed software, he said. “If those fields exist, HTM teams should start manually collecting and populating as much of that data as possible since these are the required data points.” At the same time, IT should collaborate with vendors to identify devices on the network and feed that data into hospital systems — keeping CMMS records synced and current.

Without that visibility, mitigation efforts stall. Hospitals face a host of vulnerabilities but often lack clarity on which ones are being actively addressed. “Considering that a majority of medical devices are running some version of Windows, whenever a Windows vulnerability is discovered, it is worth investigating and working with the OEMs to determine whether the device could be impacted,” Fridrich said.

He also called for dedicated teams to monitor vulnerability disclosures and cross-reference them against CMMS data. “It is assumed the CMMS record has the manufacturer and model captured on it,” he added.

Detecting cyber threats

Even with strong visibility, detection remains a major hurdle. On average, breaches take nearly 300 days to detect and contain. And with more than 1,000 OEMs issuing monthly vulnerability updates, the complexity can quickly spiral. That’s why, according to Fridrich, mapping vulnerabilities to device inventories isn’t just smart—it’s essential.

Another must-have? Continuous monitoring. Devices running outdated operating systems don’t just hinder performance—they jeopardize patient safety and hospital operations. With 66% of connected devices storing protected health information, the stakes couldn’t be higher. Compounding the issue, hospitals lose up to 20% of mobile devices each year, many still running unsupported software.

Real-time monitoring, Fridrich said, helps flag what needs patching, replacing, or lockdown before minor vulnerabilities become full-blown crises.
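The two workflows described above, aligning CMMS records with what network discovery actually sees and cross-referencing vulnerability disclosures against manufacturer, model and operating system, can be expressed as a small reconciliation script. The following is an added example written for this page; it is not code from TRIMEDX, AAMI or the article. All CMMS records, discovered endpoints, advisory identifiers ("ADV-EXAMPLE-…"), manufacturer names and the unsupported-OS list are constructed placeholders, and real deployments would pull these from the CMMS export, a network discovery tool and an advisory feed instead.

```python
"""Added example: reconcile a CMMS inventory against discovered network endpoints
and map vulnerability advisories onto the inventory by manufacturer/model/OS.
All data below is constructed for illustration."""

# Constructed CMMS export with the fields the article says to capture.
CMMS = [
    {"asset_id": "A-1001", "manufacturer": "ExampleMed", "model": "InfusionPro 200",
     "mac": "aa:bb:cc:00:00:01", "ip": "10.1.1.10", "os": "Windows 7",
     "software": ["PumpMgr 3.1"]},
    {"asset_id": "A-1002", "manufacturer": "ExampleMed", "model": "InfusionPro 200",
     "mac": "", "ip": "", "os": "", "software": []},          # never populated
    {"asset_id": "A-1003", "manufacturer": "ImagingCo", "model": "XR-9",
     "mac": "AA:BB:CC:00:00:03", "ip": "10.1.1.30", "os": "Windows 10",
     "software": ["ViewerSuite 5"]},
]

# Constructed endpoints reported by network discovery (e.g. a NAC/DHCP/ARP feed).
ENDPOINTS = [
    {"mac": "AA:BB:CC:00:00:01", "ip": "10.1.1.10"},
    {"mac": "AA:BB:CC:00:00:03", "ip": "10.1.1.31"},   # IP drifted from CMMS record
    {"mac": "AA:BB:CC:00:00:09", "ip": "10.1.1.90"},   # unknown to CMMS
]

# Constructed advisories: either device-specific (manufacturer+model) or OS-level.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "manufacturer": "ExampleMed", "model": "InfusionPro 200", "os": None},
    {"id": "ADV-EXAMPLE-2", "manufacturer": None, "model": None, "os": "Windows 7"},
]

# Hypothetical list of operating systems the hospital treats as unsupported.
UNSUPPORTED_OS = {"Windows XP", "Windows 7", "Windows Server 2008"}
REQUIRED_FIELDS = ("mac", "ip", "os")


def normalize_mac(mac):
    """MACs arrive in mixed case from different tools; compare them uniformly."""
    return mac.strip().upper()


def reconcile(cmms, endpoints):
    """Align the CMMS inventory with discovered endpoints.

    Returns (matched_asset_ids, ip_drift, unmapped_endpoints, incomplete_records):
    - ip_drift lists (asset_id, cmms_ip, observed_ip) where the record is stale
    - unmapped_endpoints are live endpoints with no CMMS record (visibility gap)
    - incomplete_records are CMMS assets missing one of the required fields
    """
    by_mac = {normalize_mac(r["mac"]): r for r in cmms if r["mac"]}
    matched, drift, unmapped = [], [], []
    for ep in endpoints:
        rec = by_mac.get(normalize_mac(ep["mac"]))
        if rec is None:
            unmapped.append(ep)
            continue
        matched.append(rec["asset_id"])
        if rec["ip"] != ep["ip"]:
            drift.append((rec["asset_id"], rec["ip"], ep["ip"]))
    incomplete = [r["asset_id"] for r in cmms
                  if any(not r[f] for f in REQUIRED_FIELDS)]
    return matched, drift, unmapped, incomplete


def cross_reference(cmms, advisories):
    """Map each advisory to the CMMS assets it may affect.

    Device-specific advisories match on manufacturer and model; OS-level
    advisories (such as a Windows vulnerability) match on the OS field, so a
    record with an empty OS cannot be matched and should show up as incomplete.
    """
    hits = {}
    for adv in advisories:
        affected = []
        for r in cmms:
            if adv["manufacturer"] and \
                    (r["manufacturer"], r["model"]) != (adv["manufacturer"], adv["model"]):
                continue
            if adv["os"] and r["os"] != adv["os"]:
                continue
            affected.append(r["asset_id"])
        hits[adv["id"]] = affected
    return hits


def unsupported_os_assets(cmms):
    """Continuous-monitoring check: assets still running an unsupported OS."""
    return [r["asset_id"] for r in cmms if r["os"] in UNSUPPORTED_OS]


if __name__ == "__main__":
    matched, drift, unmapped, incomplete = reconcile(CMMS, ENDPOINTS)
    print("matched:", matched)
    print("ip drift:", drift)
    print("endpoints with no CMMS record:", [e["mac"] for e in unmapped])
    print("incomplete CMMS records:", incomplete)
    print("advisory hits:", cross_reference(CMMS, ADVISORIES))
    print("unsupported OS:", unsupported_os_assets(CMMS))
```

The three outputs correspond to the three gaps the article names: endpoints with no CMMS record are the devices that "blur into the sea" of other systems, incomplete records are the ones an OS-level advisory can never be matched against, and the advisory hits are the list to take to the OEM and the clinical team. Running this on a schedule rather than once is what turns it into the continuous monitoring the article asks for.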

The weakest link

Incident response often proves to be the weakest link. Roughly 37% of healthcare organizations lack a formal plan, leading to costly confusion and downtime. Fridrich stressed that effective plans require clear goals, executive buy-in, defined roles, and measurable success metrics. He pointed to NIST’s Contingency Planning Framework — especially the Cyber Incident Response Plan and Information System Contingency Plan — as gold standards.

“Patient clinical care is the highest priority,” Fridrich said. “So, when a critical device is affected by a significant vulnerability, it is important to communicate with the clinical team to explain the risk and align on when the device can be safely removed from the environment of care to address the issue.”

If an incident does occur, he added, the response plan must be activated immediately and all necessary actions coordinated with Incident Command.

Don’t skip recovery

Recovery planning is equally vital. The average cost of ransomware recovery in healthcare has more than doubled, rising from $1.27 million in 2021 to $2.57 million in 2024. Yet many organizations still don’t have a tested recovery strategy in place.

Fridrich advised that plans be updated annually, tested regularly and, crucially, built in collaboration with clinical teams.

Governance ties it all together

Cybersecurity can’t be siloed, Fridrich warned; it must begin at the top and be shared across departments. Too often, clinical engineering and IT operate in isolation, creating dangerous oversight gaps. And without active engagement from OEMs, those gaps only grow wider.

“The collaboration between the hospital and the OEMs is vital for cyber remediation,” Fridrich said. “There should be a team focused on vulnerability identification and OEM outreach to properly assess medical device risks in the environment, OEM responsiveness to vulnerabilities, and to measure the hospital’s medical device cyber-risk posture.”

His personal adage says it all: “Cybersecurity for medical devices takes a village, and everyone in the village needs to participate in ensuring medical equipment is secured from bad actors.”

Because in medical cybersecurity, it’s not a question of if they strike, but when.