These oversights not only compromise patient confidentiality but may also open a path for cybercriminals to carry out fraud, extortion, or network infiltration.
These oversights not only compromise patient confidentiality but may also open a path for cybercriminals to carry out fraud, extortion, or network infiltration.
1.2 Million Healthcare Devices and Systems Found Exposed Online - Patient Records at Risk, Latest Research from Modat
Research was conducted using Modat's unique internet scanning platform Modat Magnify. Findings across 70+ different types of medical devices & systems including: MRI, CT, X-rays, DICOM viewers, Blood test systems, hospital management systems, and other accessible medical systems. Reasons for Vulnerable Devices are misconfigurations and insecure management settings, default or weak passwords, unpatched vulnerabilities in firmware or software.
Researchers discovered many systems lacked even basic authentication. Some used factory-default or weak passwords like, “admin” or “123456.” In other cases, outdated or unpatched software left critical devices vulnerable to exploitation. These oversights compromise patient confidentiality and may open a path for cybercriminals to carry out fraud, extortion, or network infiltration.
One scan, for instance, exposed a patient’s chest and brain MRI results, with names and medical history. Records include highly sensitive PHI info & PII info. Our researchers uncovered a range of other medical images: optician eye exams, dental X-rays, blood test results, detailed lung MRIs commonly used to aid patients suffering from lung cancer.
Modat immediately reached to international partners Health-ISAC and Dutch CERT Z-CERT to initiate process of Responsible Disclosure as they will reach out to affected organisations to assist them in fixing these security breaches.
The findings emphasize that cybersecurity in healthcare is an IT concern, and a matter of patient safety.
These systems should never be exposed to the internet in the first place. Soufian El Yadmani, Modat CEO stated, “The question we should be asking is: Why are there MRI scanners with internet connectivity that lack proper security measures?”
El Yadmani continued, "The primary risk is unnecessary network exposure. These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access.”
Recommendations include need for organizations to implement regular security assessments and maintain comprehensive asset inventories, continuous monitoring of network-connected devices is essential for identifying potential exposures, misconfigurations, or emerging vulnerabilities.
Full blog post, including data visualizations and a detailed breakdown of findings, is available at http://bit.ly/4moChak
Bessie Schenk
Modat
email us here
Visit us on social media:
LinkedIn
Bluesky
X
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
