Digital backdoor in healthcare: 1,2 million devices left exposed
European cybersecurity company Modat has revealed that more than 1,2 million online healthcare devices and networks are exposed to the internet — leaving highly sensitive patient data unprotected. Using its scanning platform Modat Magnify, the company uncovered vulnerabilities in over 70 types of medical devices, from MRI machines and X-ray systems to hospital management platforms. Leaked data included medical scans, blood tests, and patients’ personal identifiable information.
Healthcare devices exposed
Modat Magnify, created by and for cybersecurity experts, is a scanning platform that was used by Modat to identify internet-connected devices that were vulnerable and misconfigured — from water control systems to traffic controls. The research conducted on healthcare networks and devices revealed that many systems lacked even basic login protection or relied on weak manufacturer-set passwords. As a result, patient scans and records — including brain MRIs and dental X-rays complete with names and dates — were left openly accessible.
Global security issue
The top affected regions are the USA (174K+), Europe and South Africa (172K+) where the highest number of data was exposed. Other countries such as Australia (111K+) and Brazil (82K+) also scored relatively high with their data exposure — demonstrating the global concern and urgency to address the problem. In many cases, these systems lacked any form of login protection. Others did not have authentication but relied on weak or default passwords set by manufacturers.
"This represents a significant and pervasive challenge with global implications. Our research has identified substantial numbers of exposed healthcare systems, and this trend continues to expand as we conduct more analysis. The scale and accessibility of these vulnerabilities suggest that malicious actors likely possess the same capabilities, creating considerable risk for the healthcare sector.”
Soufian El Yadmani, Founder and CEO of Modat
Risks of revealed medical data
Vulnerable and misconfigured medical systems risk more than data theft: they can serve as entry points for ransomware attacks. Cybercriminals often target healthcare systems, knowing hospitals cannot afford downtime. These weaknesses expose sensitive patient records, including those of high-profile individuals, to unauthorized access, manipulation, and misuse — posing serious privacy and security risks.
Coordinated response to healthcare vulnerabilities
Modat engaged in responsible disclosure by reaching out to several relevant organisations, including Health-ISAC and Z-CERT in the Netherlands — to address the affected organisations and assist with fixing these security breaches. Health-ISAC publishes hundreds of Targeted Alerts every year to organisations globally warning them of high risks specific to their network and cooperated with Modat to responsibly disclose its research findings to healthcare organisations— ensuring the problem is circulated to many impacted institutions globally.
"The findings from Modat underscore a critical and pervasive challenge facing healthcare globally. We consistently emphasize that cybersecurity is inextricably linked to patient safety and operational continuity. This research reinforces the urgent need for comprehensive asset visibility, robust vulnerability management, and a proactive approach to securing every internet-connected device in healthcare environments, ensuring that sensitive patient data remains protected from unauthorized access and potential exploitation."
Errol Weiss, Chief Security Officer at Health-ISAC
Healthcare breaches in The Netherlands
In the Netherlands, Z-CERT is active in the effort to prevent and reduce the impact of cyber incidents in healthcare — providing incident prevention, threat monitoring, and rapid response to cyber threats targeting healthcare institutions. The data collected by Modat allowed Z-CERT to notify Dutch healthcare providers whose systems were potentially exposed.
An example of a cybersecurity incident within the Dutch healthcare sector is the recent cybersecurity incident at ‘Bevolkingsonderzoek Nederland’ — where a data breach leaked the sensitive personal data of over 941,000 persons.
"These extra sets of eyes help us keep Dutch healthcare digitally secure. Thanks to their findings we have been able to inform and advise several healthcare organizations in the Netherlands.”
Director Wim Hafkamp
Responsible disclosure for the future
The research recommends that healthcare organisations carry out regular security checks and keep an up-to-date inventory of all connected devices. Ongoing monitoring is crucial to detect vulnerabilities, exposure points, or misconfigured systems. By staying proactive, healthcare facilities can greatly reduce their risk. As telemedicine grows and more devices connect to networks, securing digital infrastructure becomes more important than ever.