A medical device is very different from a standard PC. It is a fixed-function device with customized software as medical devices are optimized to reduce processing cycles and memory usage, and so they often lack the resources to run additional software beyond their core functions. Security solutions designed for PCs are, in most cases, not applicable to medical devices.

When securing medical devices, here are some of the main challenges:

1. Non-secure design—Many legacy medical devices were designed with the assumption that they will not be exposed to security threats, and security was not seen as a top priority.
   
2. Long living devices—Medical devices are often deployed for as long as 10-20 years, far more than the average life of a PC. Even if security was taken into consideration when the device was built, it is difficult to protect against security threats of the future.
   
3. Critical Devices: Many medical devices, particularly Class III devices, are life-sustaining, have a significant impact on patient care, or handle extremely sensitive data.
   
4. Customized configuration— A medical device is often made in huge quantities with the exact same software and hardware configuration, in contrast to PCs, which may have varied software or hardware configurations. An assault that is effective on one of these devices can be repeated across other devices.
   
5. Patching restrictions—After deployment, the medical devices typically only run the initial factory-installed software, and any change or patch updates must be performed carefully as per the Medical device regulations and in consultation with the manufacturer.
   
6. Insider threats—Medical staff frequently accesses medical equipment, and a nefarious insider or a hacked user account could result in data theft or unauthorized control of the device.
   
7. Outside security perimeter deployment—some medical devices are moved to locations (home etc.) outside the protection of the corporate network or hospitals.
   
8. Connected devices: In recent years the need for connected use cases for medical devices have increased manifold. Devices connected to internet pose a greater security threat as compared to medical devices not connected to internet.