Modat Study: Over 1.2 Million Healthcare Devices Exposed Online

Over 1.2 million internet-connected healthcare devices and systems have been identified as being vulnerable to cybersecurity risks, according to research conducted by European cybersecurity firm Modat. The study highlighted notable exposure levels, with over 81,000 devices in Ireland and more than 77,000 in Great Britain, among the largest figures documented across Europe, the USA, and the MENA region.

Research utilized Modat's internet scanning platform, Modat Magnify, to examine over 70 different types of medical devices and systems. Findings indicated that misconfigurations, insecure management settings, default or weak passwords, and unpatched vulnerabilities in firmware or software created avenues for potential breaches. For example, many systems lacked basic authentication, and some utilized factory-default passwords.

A specific incident showed that a scan exposed detailed medical records, including sensitive patient information such as chest and brain MRI results and blood test outcomes. These findings raised concerns over patient confidentiality and the potential for exploitation by cybercriminals.

In response to the findings, Modat reached out to international partners including Health-ISAC, the Dutch Computer Emergency Readiness Team (CERT), and Z-CERT to begin the process of responsible disclosure to assist affected organizations in mitigating these security vulnerabilities.

Soufian El Yadmani, CEO of Modat, emphasized the importance of network security for medical devices. He stated, “The question we should be asking is: why are there MRI scanners with internet connectivity that lack proper security measures?” El Yadmani also noted that unnecessary network exposure presents a significant risk, advocating for organizations to connect medical systems only to secure networks when remote access is clinically necessary.

Recommendations for affected organizations include implementing regular security assessments, maintaining asset inventories, and monitoring connected devices continuously to identify risks related to misconfigurations or emerging vulnerabilities.