Modat reports over 1.2 million exposed healthcare devices at risk of data breaches.

A report from Modat, a European cybersecurity firm, reveals that over 1.2 million internet-connected healthcare devices are at risk of exposing sensitive patient information. This finding emphasizes the importance of cybersecurity measures for organizations within the healthcare sector.

Study Findings

Modat's examination uncovered more than 174,000 vulnerable healthcare systems in the United States, with additional vulnerabilities identified primarily in Europe and the MENA region. The analysis employed Modat Magnify, a platform that scanned various medical devices, including MRI machines and Current Transformer (CT) scanners.

Identified Vulnerabilities

The research indicated that many devices lack proper authentication methods, using default passwords such as “admin” or “123456,” significantly increasing security risks. Additionally, the presence of outdated software can jeopardize critical operations and patient confidentiality.

Data Exposed

Among the sensitive information at risk were MRI results and detailed medical histories, along with dental X-rays and blood test outcomes that contained Personally Identifiable Information (PII). The extent of this exposure raises concerns about potential cybercriminal exploitation.

Collaboration and Recommendations

In light of these findings, Modat has partnered with organizations like Health-ISAC and the Dutch Computer Emergency Readiness Team (CERT) to begin Responsible Disclosure processes. This initiative aims to inform affected organizations about identified vulnerabilities and to aid in addressing them.

Soufian El Yadmani, the CEO of Modat, highlighted the necessity for secure configurations of medical devices that require internet connectivity, stating the importance of limiting remote access to clinically necessary situations. Modat advocates for ongoing security evaluations, comprehensive asset inventories, and constant monitoring of connected devices.