Healthcare cybersecurity failures put patient safety at risk, Modat warns

Modat urges urgent action to secure connected medical equipment and reduce cyber risks in healthcare worldwide.
Modat, healthcare, cybersecurity, patient data, authentication, security risks, Health ISAC, CERT Z-CERT

Over 1.2 million internet-connected healthcare devices and systems that expose patient data have been identified in research by Modat. The United States, South Africa, and Australia topped the list, with vulnerable systems including MRI scanners, CT machines, and hospital management platforms.

Using its Modat Magnify platform, the company identified misconfigurations, weak passwords, and unpatched software as common risks. Some devices had no authentication, while others used factory-default passwords such as ‘admin’ or ‘123456’. Sensitive MRI, dental X-ray, and blood test records were accessed.

Modat worked with Health-ISAC and Dutch CERT Z-CERT for responsible disclosure, alerting organisations to secure exposed systems. CEO Soufian El Yadmani said devices should never be open to the internet without safeguards, warning that remote access must be secure.

The research stressed that healthcare cybersecurity is a patient safety issue. Outdated or unprotected devices could enable fraud, extortion, or network breaches. Regular security checks, asset inventories, and monitoring were recommended to reduce risks.

Founded in 2024, Modat uses its Device DNA dataset to catalogue internet-connected devices globally. It aims to help healthcare and other sectors close the gap between rising cyber threats and effective resilience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!