THE HAGUE, Netherlands, Aug. 07, 2025 (GLOBE NEWSWIRE) — New research from European cybersecurity firm Modat reveals over 1.2 million internet-connected healthcare devices and systems are exposed, putting patient data at risk. The study identified more than 81,000 exposed systems in Ireland and over 77,000 in Great Britain, with most cases found across Europe, the U.S., and the MENA region.
The research was carried out using Modat’s proprietary internet scanning platform, Modat Magnify. It examined over 70 types of medical devices and systems, including MRI, CT, X-ray machines, DICOM viewers, blood test systems, hospital management systems, and other accessible medical equipment. The main causes of vulnerabilities were misconfigurations, insecure management settings, default or weak passwords, and unpatched firmware or software flaws.
Researchers found many systems lacked basic authentication, with some still using factory-default or weak passwords like “admin” or “123456.” Additionally, outdated or unpatched software left critical devices open to exploitation. These security gaps threaten patient confidentiality and could enable cybercriminals to conduct fraud, extortion, or network breaches.
One scan, for example, exposed a patient’s chest and brain MRI results, including names and medical histories. The records contained highly sensitive Protected Health Information (PHI) and Personally Identifiable Information (PII). Researchers also found various other medical images, such as optician eye exams, dental X-rays, blood test results, and detailed lung MRIs often used to support lung cancer patients.
Modat promptly contacted international partners Health-ISAC and Dutch CERT Z-CERT to begin the Responsible Disclosure process. These organizations will reach out to affected entities to help address and resolve the security vulnerabilities.
The findings highlight that cybersecurity in healthcare is not just an IT issue but a critical patient safety concern.
These systems should never be accessible directly via the internet. Modat CEO Soufian El Yadmani said, “The real question is: Why are MRI scanners connected to the internet without proper security measures?”
He added, “The main risk comes from unnecessary network exposure. Medical devices should only be connected to secure, well-configured networks when remote access is clinically necessary.”
Recommendations include conducting regular security assessments, maintaining detailed asset inventories, and continuously monitoring network-connected devices to detect potential exposures, misconfigurations, or new vulnerabilities.
Modat Magnify, designed specifically for cybersecurity professionals, was used to identify the misconfigured and vulnerable devices. This platform scans and catalogs internet-connected devices, assigning each a unique profile in its database to aid in vulnerability and configuration management.
By running a Modat Magnify query using the ‘device DNA’ tag HEALTHCARE, researchers identified over 1.2 million devices accessible on the open internet. Although the data may include some honeypots, the findings are still alarming. Many devices are exposed due to security weaknesses, misconfigurations, or lack of proper authentication. The query results provide detailed information on device types, IP addresses, geographic locations, and more.
Geographically, the top 10 countries with the highest numbers (at the time of the scan) were:
- United States (174K+)
- South Africa (172K+)
- Australia (111K+)
- Brazil (82K+)
- Germany (81K+)
- Ireland (81K+)
- Great Britain (77K+)
- France (75K+)
- Sweden (74K+)
- Japan (48K+)
Researchers were able to delve deeper into the data by specifically searching for MRI scanners with unintended access points.
Because many scanners were not securely configured, they uncovered brain scan images that included patients’ names and scan dates. Using this approach, they also accessed various other medical images such as optician eye exams, dental X-rays, blood test results, and detailed lung MRIs often used to support lung cancer patients—revealing a disturbingly large number of exposed medical records.
In some cases, these systems had no authentication in place at all; in others, weak or default manufacturer-set credentials were used. Additionally, misconfigurations allowed excessive access to devices vulnerable to zero-day attacks or known exploits. Some of the devices were legacy systems still in use despite being out of support.
