Connected Medical Devices: From Technological Advancement to Legal Risk

Abstract

Connected Medical Devices (CMDs), a key component of the Internet of Medical Things (IoMT), are revolutionizing healthcare by enabling real-time monitoring and data-driven patient management. However, their growing use also raises major cybersecurity and data protection concerns. In Saudi Arabia, while general frameworks such as the Personal Data Protection Law (PDPL) and Essential Cybersecurity Controls (ECC) offer a foundation, they lack CMD-specific provisions. This article examines the risks associated with CMDs, evaluates the Saudi legal framework in comparison with international standards like GDPR and HIPAA, and identifies regulatory gaps. Through legal and comparative analysis, the study proposes concrete recommendations to enhance security, including secure-by-design principles, stronger penalties for data breaches, and training for healthcare professionals. The findings aim to support Saudi Arabia’s Vision 2030 by balancing innovation with robust data protection. This research contributes to the development of a safer and more resilient healthcare system in the digital age.