THE HAGUE, The Netherlands, Aug. 07, 2025 (GLOBE NEWSWIRE) -- Over 1.2 million internet-connected healthcare devices and systems with exposure that endanger patient data shown in new research by European cybersecurity company Modat. Our findings show 81K+ exposed systems Ireland and 77K+ Great Britain (most results across Europe, the USA, and the MENA).
Research was conducted using Modat's unique internet scanning platform Modat Magnify. Findings across 70+ different types of medical devices & systems including: MRI, CT, X-rays, DICOM viewers, Blood test systems, hospital management systems, and other accessible medical systems. Reasons for Vulnerable Devices are misconfigurations and insecure management settings, default or weak passwords, unpatched vulnerabilities in firmware or software.
Researchers discovered many systems lacked even basic authentication. Some used factory-default or weak passwords like, “admin” or “123456.” In other cases, outdated or unpatched software left critical devices vulnerable to exploitation. These oversights compromise patient confidentiality and may open a path for cybercriminals to carry out fraud, extortion, or network infiltration.
One scan, for instance, exposed a patient’s chest and brain MRI results, with names and medical history. Records include highly sensitive PHI info & PII info. Our researchers uncovered a range of other medical images: optician eye exams, dental X-rays, blood test results, detailed lung MRIs commonly used to aid patients suffering from lung cancer.
Modat immediately reached to international partners Health-ISAC and Dutch CERT Z-CERT to initiate process of Responsible Disclosure as they will reach out to affected organisations to assist them in fixing these security breaches.
The findings emphasize that cybersecurity in healthcare is an IT concern, and a matter of patient safety.
These systems should never be exposed to the internet in the first place. Soufian El Yadmani, Modat CEO stated, “The question we should be asking is: Why are there MRI scanners with internet connectivity that lack proper security measures?”
El Yadmani continued, "The primary risk is unnecessary network exposure. These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access.”
Recommendations include need for organizations to implement regular security assessments and maintain comprehensive asset inventories, continuous monitoring of network-connected devices is essential for identifying potential exposures, misconfigurations, or emerging vulnerabilities.
Full blog post is available at http://bit.ly/4moChak
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/dfbad266-58bb-45df-989a-8304460f19fe
Media inquiries: bessie@modat.io
Source(s) : Modat
