Medical device hardware often remains active for 10-30 years, however, underlying software
life cycles are specified by the manufacturer, ranging from a couple months to maximum life
expectancy per device allowing cyber threat actors time to discover and exploit vulnerabilities.
Legacy medical devices contain outdated software because they do not receive manufacturer
support for patches or updates, making them especially vulnerable to cyber attacks.
