Modat identifies 1.2 million exposed healthcare devices and systems with risks to patient data

A study by European cybersecurity firm Modat identified over 1.2 million internet-connected healthcare devices and systems that are at risk of exposing sensitive patient data. The analysis highlighted more than 174,000 vulnerable systems in the United States, with the majority of findings from Europe, the USA, and the MENA region.

The research used Modat’s internet scanning platform, Modat Magnify, to assess over 70 types of medical devices and systems, including MRI machines, Computed Tomography (CT) scanners, and hospital management software. The identified vulnerabilities stemmed from misconfigurations, weak passwords, and unpatched software.

Many devices were found without basic authentication, often using factory-default passwords such as “admin” or “123456,” and outdated software put critical systems at risk. These weaknesses compromise patient confidentiality and may lead to cybercriminal activities such as fraud or extortion.

Among the sensitive data exposed was a patient's chest and brain MRI results along with medical history. Other findings included optician eye exams, dental X-rays, and blood test results that contained Personally Identifiable Information (PII).

In response to the findings, Modat engaged with international collaborators, including Health-ISAC and the Dutch Computer Emergency Readiness Team (CERT), to initiate Responsible Disclosure processes. This collaboration seeks to inform affected organisations of vulnerabilities and assist in remediation efforts.

The study underscored that cybersecurity within healthcare is an important IT issue impacting patient safety. Soufian El Yadmani, Modat’s CEO, remarked, “Why are there MRI scanners with internet connectivity that lack proper security measures?” He emphasized that medical systems need secure, properly configured networks, with remote access only when it is clinically necessary.

Modat recommended regular security assessments, maintaining thorough asset inventories, and continuous monitoring of connected devices to identify vulnerabilities and misconfigurations.