Cyber incidents are electronic communication between systems, or between systems and people (as when users interact with displays), that can affect the traditional IT triad of C, I, or A. Cyber incidents can be unintentional or malicious. Medical device control system cyber incidents are more prevalent than has been thought.From the December 2025 issue of IEEE Spectrum magazine, 15% of the 56,000medical device recall entries were from “process control” which meant “errors”in the manufacturing process. Medical device control system cyber incidents have led to deaths and injuries. A recent vendor disclosure concerned incorrect low glucose readings that caused 736 serious injuries and seven deaths. The FDA’s medical device cybersecurity requirements are not adequate for control systems. Additionally, appropriate control system cybersecurity training is not available to the manufacturers or end-users. For health and safety, these control system cybersecurity gaps need to be addressed.
