A recent report by Claroty, titled State of CPS Security: Healthcare Exposures 2025, found that 89% of healthcare organizations are using vulnerable Internet-of-Medical-Things (IoMT) devices. These devices, which are often exposed on the internet, carry known vulnerabilities that are actively exploited in ransomware campaigns. The report also revealed that these vulnerable devices are connected to key hospital systems, including 20% of hospital information systems and 8% of imaging systems, such as X-rays and MRIs.
The research further shows that 99% of healthcare organizations have some vulnerable IoMT devices in use, although these vulnerable devices account for about 9% of all IoMT devices. These devices are a significant security concern because they can be exploited in cyberattacks. Their exposure is even more alarming given their role in critical healthcare operations, which puts patient safety and system integrity at risk.
While IoMT devices are highly exposed, the exposure of vulnerable operational technology (OT) devices appears less significant. Only 0.3% of OT devices in healthcare organizations were found to be exposed to the internet with known vulnerabilities. Despite this, the presence of these vulnerable devices still poses a security threat to healthcare systems, which rely on operational technology to support patient care.
Claroty’s report emphasizes the need for healthcare security leaders to take an exposure-centric approach to manage these risks. With over 647,000 OT devices and 2.5 million IoMT devices analyzed, the report highlights the urgency of addressing these vulnerabilities to protect patient safety and ensure operational continuity. The healthcare industry must prioritize critical vulnerabilities and align remediation efforts with guidelines like the HHS Cyber Performance Goals.