A recent report authored by Claroty has shed light on the alarming state of cybersecurity in healthcare organizations. According to the report entitled “State of CPS Security: Healthcare Exposures 2025,” a staggering 89% of healthcare facilities are currently utilizing Internet-of-Medical-Things (IoMT) devices that are riddled with vulnerabilities. These vulnerable devices, often left exposed on the internet, are prime targets for cybercriminals engaging in ransomware attacks.
What makes this finding even more concerning is the fact that these compromised IoMT devices are interconnected with critical hospital systems. The report indicates that approximately 20% of hospital information systems and 8% of imaging systems, such as X-rays and MRIs, are linked to these vulnerable devices. This interconnectedness poses a serious threat to patient safety and the overall integrity of the healthcare system.
While the prevalence of vulnerable IoMT devices is startling, the exposure of vulnerable operational technology (OT) devices appears to be relatively lower. Only 0.3% of OT devices within healthcare organizations were identified as having internet exposure with known vulnerabilities. However, even this small fraction of vulnerable OT devices still presents a security risk to healthcare systems, which heavily rely on operational technology to deliver patient care.
The Claroty report underscores the urgent need for healthcare security leaders to adopt an exposure-centric approach in addressing these cybersecurity risks. With a comprehensive analysis of over 647,000 OT devices and 2.5 million IoMT devices, the report stresses the critical importance of mitigating these vulnerabilities to safeguard patient well-being and ensure uninterrupted healthcare operations. It is imperative for the healthcare industry to prioritize the remediation of critical vulnerabilities and adhere to established guidelines such as the HHS Cyber Performance Goals.
In conclusion, the findings of the Claroty report serve as a stark reminder of the vulnerabilities present within healthcare cybersecurity infrastructure. The widespread use of IoMT devices, coupled with their susceptibility to cyber threats, underscores the pressing need for healthcare organizations to enhance their security measures. By taking proactive steps to address these vulnerabilities, healthcare facilities can fortify their defenses against cyber threats and uphold the highest standards of patient care and safety.