Medical devices vulnerable to exploits and insecure connections


A new report from Claroty finds that 89 percent of healthcare organizations have medical devices vulnerable to ransomware-linked exploits and insecure internet connectivity.
Based on analysis of more than 2.25 million Internet of Medical Things (IoMT) devices and 647,000-plus OT devices across 351 healthcare organizations, the report finds 99 percent have at least one known exploited vulnerability (KEV) in their networks, while 78 percent of hospitals have OT devices with KEVs, including building management systems, power supplies, and temperature controls.
Overall, IoMT devices, especially those running on legacy Windows and Linux operating systems that may no longer be supported with security or feature updates, are at particular risk. 96 percent of those organizations known vulnerabilities have KEVs linked to active ransomware campaigns, which, if exploited, can quickly cripple patient care and system availability.
Eight percent of imaging systems (X-ray, MRI, CT scans) have KEVs linked to ransomware, affecting 85 percent of hospitals.
It's not only medical devices that are at risk, though: 20 percent of hospital information systems that manage clinical patient data, as well as administrative and financial information, are subject to KEVs linked to ransomware and are insecurely connected to the internet.
The report also shows that Russian cybercrime groups Black Basta and BlackCat/ALPHV have been responsible for major healthcare breaches in 2024, leveraging double-extortion and triple-extortion tactics.
Claroty's survey last year of 1,100 cybersecurity leaders worldwide showed ransomware payments in the healthcare sector at high levels, with 78 percent of organizations taking part in the survey reporting ransomware payments of $500,000 USD or more.
"Hospitals are under immense pressure to digitally transform while ensuring the security of critical systems that support patient care," says Ty Greenhalgh, industry principal for healthcare at Claroty. "Cybercriminals, especially ransomware groups, exploit outdated technology and insecure connectivity to gain footholds in hospital networks. To counter these threats, healthcare security leaders must take an exposure-centric approach -- prioritizing the most critical vulnerabilities and aligning remediation efforts with industry guidelines like the HHS' HPH Cyber Performance Goals -- to protect patient safety and ensure operational continuity."
The full report is available from the Claroty site.