1.2 million healthcare devices and systems have had their data exposed online, putting patient records in jeopardy of being compromised.
New research by European cybersecurity company Modat has revealed that over 1.2 million internet-connected healthcare devices and systems are exposed, endangering patient data. The findings highlight significant vulnerabilities across the globe, particularly in countries such as the United States (174K+), South Africa (172K+), and Australia (111K+). The research, conducted using Modat’s unique internet scanning platform, Modat Magnify, identified more than 70 different types of medical devices and systems, including MRI machines, CT scanners, and hospital management systems. Common reasons for these vulnerabilities include misconfigurations, insecure management settings, default or weak passwords, and unpatched software. Many systems lacked basic authentication, with some using easily guessable passwords like “admin” or “123456.”
The implications of these oversights are severe, as they compromise patient confidentiality and create opportunities for cybercriminals to engage in fraud, extortion, or network infiltration. For instance, one scan exposed sensitive patient information, including chest and brain MRI results, complete with names and medical histories. Researchers accessed a variety of medical images, such as eye exams, dental X-rays, and blood test results, all available via the open internet. Modat collaborated with international partners, including Health-ISAC and Dutch CERT Z-CERT, to ensure responsible disclosure of these findings. The research underscores that cybersecurity in healthcare is not merely an IT issue but a critical matter of patient safety. Modat’s CEO, Soufian El Yadmani, raised concerns about the presence of internet-connected MRI scanners lacking proper security measures, emphasising the urgent need for improved cybersecurity protocols in the healthcare sector.