Modat has discovered that over a million healthcare IoT devices and connected medical systems are currently exposed online. This means that private medical records, including detailed scans and personal patient information, are leaking out onto the web due to basic security failures.
Imagine you’ve just had a confidential medical scan. You assume the results are private, seen only by you and your doctor. But what if your most sensitive health information, from a brain scan to blood test results, ended up on the open internet for strangers to see?
The scale of the problem is immense. Researchers found everything from MRI scans and X-rays to eye exams and the results of blood work. Often, these files were stored right alongside the patient’s name and other identifiable details, creating a devastating breach of privacy.
Geographically, the top 10 countries where Modat found exposed healthcare IoT devices, and with them medical data, were:
- United States (174K+)
- South Africa (172K+)
- Australia (111K+)
- Brazil (82K+)
- Germany (81K+)
- Ireland (81K+)
- Great Britain (77K+)
- France (75K+)
- Sweden (74K+)
- Japan (48K+)
The consequences could be life-altering, leaving unsuspecting people open to blackmail over a health condition or targeted fraud.
This isn’t happening because of a highly advanced cyberattack. In many cases, specialist medical equipment is connected to the internet as a default part of its setup, even when there’s no need for it to be, leaving the device and its data exposed.
Soufian El Yadmani, CEO of Modat, said, “The question we should be asking is: Why are there MRI scanners with internet connectivity that lack proper security measures?
“The primary risk is unnecessary network exposure. These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access.”
This problem is compounded by easy-to-guess passwords that are set by the manufacturer and never changed by the hospital’s IT team. Researchers found passwords like ‘admin,’ ‘demo,’ ‘secret,’ and ‘123456’ still in use.
Finally, many facilities fail to apply basic security updates. In a busy hospital, taking a critical system offline for an update can feel impossible, and continued use of unsupported legacy systems leaves them as prime targets for attackers.
El Yadmani calls it a “significant and pervasive challenge with global implications” and warns that the danger goes beyond just having data stolen.
“Beyond data theft, the possibility of data manipulation poses even greater concerns,” he said. Imagine the harm if someone could alter your medical records without anyone knowing, potentially even increasing medication dosages to unsafe amounts.
Experts agree that this is not just an IT issue; it’s a patient safety issue. That includes the possibility that a single exposed device could become a gateway for a ransomware attack that shuts down an entire hospital.
Healthcare facilities need to adopt a culture of proactive security. This means constantly monitoring their networks, keeping a detailed inventory of every connected device, and carrying out regular security checks.
In the end, protecting digital medical data is just as critical as ensuring a sterile operating theatre. It’s a fundamental part of modern healthcare.