Aug. 07, 2025 —- New research by European cybersecurity company Modat revealed more than 1.2 million internet-connected healthcare devices and systems are exposed and vulnerable to exploitation endangering patient data. The number one finding in the study showed there are more than 174,000 exposed systems in the United States (most results are across Europe, the USA, and the MENA).
Research was conducted using Modat's unique internet scanning platform Modat Magnify. Findings across more than 70 different types of medical devices and systems including: MRI, CT, X-rays, DICOM viewers, blood test systems, hospital management systems and other accessible medical systems. Reasons for Vulnerable Devices are misconfigurations and insecure management settings, default or weak passwords and unpatched vulnerabilities in firmware or software.
Researchers discovered many systems lacked even basic authentication. Some used factory-default or weak passwords like, “admin” or “123456.” In other cases, outdated or unpatched software left critical devices vulnerable to exploitation. These oversights compromise patient confidentiality and may open a path for cybercriminals to carry out fraud, extortion, or network infiltration.
One scan, for instance, exposed a patient’s chest and brain MRI results, with names and medical history. Records include highly sensitive PHI info and PII info. Researchers uncovered a range of other medical images: optician eye exams, dental X-rays, blood test results, detailed lung MRIs commonly used to aid patients suffering from lung cancer.
Modat immediately reached to international partners Health-ISAC and Dutch CERT Z-CERT to initiate process of Responsible Disclosure as they will reach out to affected organizations to assist them in fixing these security breaches.
The findings emphasize that cybersecurity in healthcare is an IT concern, and a matter of patient safety.
These systems should never be exposed to the internet in the first place. Soufian El Yadmani, Modat CEO stated, “The question we should be asking is, 'Why are there MRI scanners with internet connectivity that lack proper security measures?'”
El Yadmani continued, "The primary risk is unnecessary network exposure. These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access.”
Recommendations include need for organizations to implement regular security assessments and maintain comprehensive asset inventories, continuous monitoring of network-connected devices is essential for identifying potential exposures, misconfigurations, or emerging vulnerabilities.
Full blog post is available at http://bit.ly/4moChak
November 18, 2025 
