• Skip to main content
  • Skip to secondary menu
  • Skip to footer

Cybersecurity Market

Cybersecurity Technologies & Markets

  • Cybersecurity Events 2025-2026
  • Cybersecurity Jobs
  • Sponsored Post
    • Make a Contribution
  • Market Reports
  • About
    • GDPR
  • Contact

1.2 Million Healthcare Devices and Systems Found Exposed Online – Patient Records at Risk of Exposure, Latest Research from Modat

August 7, 2025 By CyberNewswire Leave a Comment

The Hague, Netherlands, August 7th, 2025, CyberNewsWire

Over 1.2 million internet-connected healthcare devices and systems with exposure that endanger patient data shown in new research by European cybersecurity company Modat. Global findings showing Top 10 Regions (most results are across Europe, the USA, and South Africa): 

  • United States (174K+)  
  • South Africa (172K+)  
  • Australia (111K+)  
  • Brazil (82K+)  
  • Germany (81K+)  
  • Ireland (81K+)  
  • Great Britain (77K+)  
  • France (75K+)  
  • Sweden (74K+)  
  • Japan (48K+) 

Research was conducted using Modat’s unique internet scanning platform, Modat Magnify. Findings range across more than 70 different types of medical devices and systems including: MRI, CT, X-rays, DICOM viewers, Blood test systems, hospital management systems, and other accessible medical systems. Multiple Reasons for Vulnerable Devices include misconfigurations and insecure management settings, default or weak passwords, and unpatched vulnerabilities in firmware or software. 

Researchers discovered that many systems lacked even basic authentication, and some used factory-default or weak passwords like, “admin” or “123456.” In other cases, outdated or unpatched software left critical devices vulnerable to exploitation. These oversights not only compromise patient confidentiality but may also open a path for cybercriminals to carry out fraud, extortion, or network infiltration. 

One scan, for instance, exposed a patient’s chest and brain MRI results, complete with names and medical history. Records include highly sensitive information such as Personal Health Information (PHI) and Personal Identifying Information (PII). Their researchers have uncovered and identified brain scan images, complete with patients’ names and scan dates. Using the same method, they accessed a range of other medical images: eye exams from opticians, dental X-rays, blood test results, and even detailed lung MRIs commonly used to aid patients suffering from lung cancer. A wide number of exposed medical documents. All accessible via the open internet – and in some cases, dating back to previous years. 

Modat worked with international partners Health-ISAC and Dutch CERT Z-CERT to ensure responsible disclosure. 

The findings emphasize that cybersecurity in healthcare is not only an IT concern, but it’s a matter of patient safety. They immediately initiated the process of Responsible Disclosure by reaching out to affected organisations to assist them in fixing these security breaches through organizations like Z-CERT and Health-ISAC. Here is a link to the Health-ISAC post for their Monthly Threat Briefing (Monthly Threat Briefing) 

These systems should never be exposed to the internet in the first place. Soufian El Yadmani, Modat CEO stated, “The question we should be asking is: Why are there MRI scanners with internet connectivity that lack proper security measures?” 

El Yadmani went on to say, “The primary risk is unnecessary network exposure. These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access. While remote MRI operations are becoming more common to address staffing shortages and provide specialized expertise, many systems remain exposed to the internet without adequate cybersecurity measures.” 

Recommendations in the research include the need for organizations to implement regular security assessments and maintain comprehensive asset inventories, as personnel changes and operational modifications can introduce configuration drift and security gaps. Continuous monitoring of network-connected devices is essential for identifying potential exposures, misconfigurations, or emerging vulnerabilities. By doing that, healthcare facilities can significantly reduce their cybersecurity risk profile. As remote medical services expand and connected devices become more common, securing digital infrastructure is critical. 

The full blog post, including data visualizations and a detailed breakdown of findings, is available at http://bit.ly/4moChak 

About Modat 

Founded in 2024, Modat is a European research-driven cybersecurity company focused on strengthening cyber resilience for individuals, companies, and governments. Our flagship platform, Modat Magnify, leverages the world’s largest Internet “Device DNA” dataset to fingerprint and catalogue every internet-connected device, creating a unique profile, enabling faster threat intelligence. 

Modat was created by researching, listening to, and directly experiencing the needs and challenges of security professionals. Our products enable the security community by giving access to unparalleled speed, contextualized data, and predictive insights. We are actively joining the fight to get ahead of cyber-attacks by narrowing the growing gap between digital threats and resilience. Join us to outpace and outlast. 

Users can learn more by visiting modat.io, and to access the platform, visit magnify.modat.io 

Visit: ​

  • LinkedIn
  • X 
  • BSky 
Contact

Head of Marketing
Bessie Schenk
Modat
[email protected]

Filed Under: News

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Recent Posts

  • SentinelOne Earnings Highlight AI-Driven Growth and Renewed Investor Confidence
  • GCIS Security Briefing: National Security Threats to U.S. Critical Infrastructure
  • Halo Security Enhances Platform with Custom Dashboards and Reports
  • Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33
  • Cybersecurity Stocks Rally on Earnings Strength, Federal Wins, and AI Optimism
  • Paperclip Inc. Pushes Back on Encryption Backdoors as EU and UK Debate “Lawful Access”
  • AI-Powered Ransomware Raises the Stakes: ESET Uncovers PromptLock
  • Check Point Named a Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewalls
  • Blackpoint Cyber and NinjaOne Forge Alliance to Bolster MSP Security
  • Cloudflare Becomes First CASB to Integrate with Leading Generative AI Tools

Media Partners

  • Technology Conferences
  • Technologies
  • Event Sharing Network
  • GameTech Market
  • OSINT
  • Event Calendar
  • Calendarial
  • Media Presser
  • 3V

Media Partners

  • App Coding
  • API Coding
  • Blockchaining
  • S3H
  • Press Club
  • VPNW
  • Opinion
  • Media Press Release
  • Defense Market

Copyright © 2022 CybersecurityMarket.com

Technologies, Market Analysis & Market Research