Claroty's Team82 Unveils Critical Exposures in Connected Medical Devices in Healthcare
Claroty's Team82 Unveils Critical Exposures in Connected Medical Devices in Healthcare
In a groundbreaking release, Claroty, a leading company specializing in cyber-physical systems (CPS) protection, has published research led by its Team82 on the most dangerous vulnerabilities present in connected medical devices within healthcare settings. This study, titled "State of CPS Security Healthcare Exposures 2025," reveals significant insights into the security landscape of medical technology, particularly concerning the Internet of Medical Things (IoMT) and operational technology (OT) devices that are increasingly integral to patient care.
The report is based on the analysis of over 2.25 million IoMT devices and more than 647,000 OT devices spread across 351 healthcare organizations. The alarming conclusion is that nearly 89% of these organizations utilize the top 1% of the riskiest IoMT devices. Among these, vulnerabilities directly linked to recent ransomware campaigns and insecure internet connections are rampant, showcasing a critical need for enhanced security measures within healthcare infrastructures.
A pivotal component of this research is the identification of specific vulnerabilities that are most prevalent in varying categories of medical devices. The findings point towards an escalating risk in the healthcare sector, particularly concerning devices used for imaging, patient equipment, and hospital information systems (HIS). These risks not only compromise the confidentiality and integrity of sensitive patient data but also threaten the operational continuity essential for effective healthcare delivery.
Among the key statistics reported:
- - An alarming 9% of IoMT devices are found to possess confirmed known exploitable vulnerabilities (KEVs), impacting 99% of the organizations assessed.
- - Specifically, 1% of IoMT devices are associated with KEVs that directly correlate with active ransomware campaigns and insecure internet connectivity, affecting 89% of the analyzed entities.
- - Imaging systems, a critical category for diagnostics, show that 20% harbor KEVs that are linked to both ransomware threats and internet vulnerabilities, putting 58% of organizations at risk.
Ty Greenhalgh, Industry Principal for Healthcare at Claroty, emphasized the pressing need for healthcare facilities to prioritize their cybersecurity measures. He stated, “Hospitals are under immense pressure to digitally transform while ensuring the security of critical systems that support patient care.” The increase in cyberattacks, particularly ransomware exploits, poses a challenge as healthcare providers struggle with aging technology and insecure connections.
Given these circumstances, healthcare security leaders must adopt an exposure-centric approach. This strategy involves identifying and addressing the most critical vulnerabilities specifically targeting medical devices and aligning remedial measures with existing industry standards, such as those outlined by the HHS’ HPH Cyber Performance Goals. Such actions could significantly bolster patient safety and guarantee operational integrity in healthcare settings.
Legislative and Technological Steps Forward
This research's findings highlight the urgency for healthcare organizations to reassess their security protocols and ensure that they possess robust defenses against cyber threats. As the online landscape continues to evolve, the expectation of digital transformation in the healthcare sector must align with equally robust cybersecurity defenses to protect vulnerable medical systems.
To facilitate further understanding and improvement in security measures, Claroty invites organizations to download the "State of CPS Security Healthcare Exposures 2025" report, which contains comprehensive details on their findings, in-depth analyses, and recommendations.
Conclusion
As healthcare systems continue to rely on interconnected devices, the implications for security are profound. With the rapid evolution of cyber threats, healthcare providers need to act decisively to safeguard their networks and protect sensitive patient data. Claroty’s report serves as both a warning and a resource, urging healthcare organizations to take proactive steps in addressing these critical vulnerabilities.
For more information, visit Claroty's Official Site.
Topics Health)
【About Using Articles】
You can freely use the title and article content by linking to the page where the article is posted.
※ Images cannot be used.
【About Links】
Links are free to use.