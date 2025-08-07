Research was conducted using Modat's unique internet scanning platform, Modat Magnify . Findings range across more than 70 different types of medical devices and systems including: MRI, CT, X-rays, DICOM viewers, Blood test systems, hospital management systems, and other accessible medical systems. Multiple Reasons for Vulnerable Devices include misconfigurations and insecure management settings, default or weak passwords, and unpatched vulnerabilities in firmware or software.

Researchers discovered that many systems lacked even basic authentication, and some used factory-default or weak passwords like, "admin" or "123456." In other cases, outdated or unpatched software left critical devices vulnerable to exploitation. These oversights not only compromise patient confidentiality but may also open a path for cybercriminals to carry out fraud, extortion, or network infiltration.

One scan, for instance, exposed a patient's chest and brain MRI results, complete with names and medical history. Records include highly sensitive information such as Personal Health Information (PHI) and Personal Identifying Information (PII). Their researchers have uncovered and identified brain scan images, complete with patients' names and scan dates. Using the same method, they accessed a range of other medical images: eye exams from opticians, dental X-rays, blood test results, and even detailed lung MRIs commonly used to aid patients suffering from lung cancer. A wide number of exposed medical documents. All accessible via the open internet – and in some cases, dating back to previous years.

Modat worked with international partners Health-ISAC and Dutch CERT Z-CERT to ensure responsible disclosure.

The findings emphasize that cybersecurity in healthcare is not only an IT concern, but it's a matter of patient safety. They immediately initiated the process of Responsible Disclosure by reaching out to affected organisations to assist them in fixing these security breaches through organizations like Z-CERT and Health-ISAC. Here is a link to the Health-ISAC post for their Monthly Threat Briefing (Monthly Threat Briefing ).

These systems should never be exposed to the internet in the first place. Soufian El Yadmani, Modat CEO, stated, "The question we should be asking is: Why are there MRI scanners with internet connectivity that lack proper security measures?" El Yadmani went on to say, "The primary risk is unnecessary network exposure. These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access. While remote MRI operations are becoming more common to address staffing shortages and provide specialized expertise, many systems remain exposed to the internet without adequate cybersecurity measures."

Recommendations in the research include the need for organizations to implement regular security assessments and maintain comprehensive asset inventories, as personnel changes and operational modifications can introduce configuration drift and security gaps. Continuous monitoring of network-connected devices is essential for identifying potential exposures, misconfigurations, or emerging vulnerabilities. By doing that, healthcare facilities can significantly reduce their cybersecurity risk profile. As remote medical services expand and connected devices become more common, securing digital infrastructure is critical.

The full blog post, including data visualizations and a detailed breakdown of findings, is available at .

About Modat

Founded in 2024, Modat is a European research-driven cybersecurity company focused on strengthening cyber resilience for individuals, companies, and governments. Our flagship platform, Modat Magnify, leverages the world's largest Internet "Device DNA" dataset to fingerprint and catalogue every internet-connected device, creating a unique profile, enabling faster threat intelligence.

Modat was created by researching, listening to, and directly experiencing the needs and challenges of security professionals. Our products enable the security community by giving access to unparalleled speed, contextualized data, and predictive insights. We are actively joining the fight to get ahead of cyber-attacks by narrowing the growing gap between digital threats and resilience. Join us to outpace and outlast.

