Date: 2025-03-28
The top 1% of the riskiest medical devices are used by a large majority of healthcare organizations, according to Claroty.
In its State of CPS Security: Healthcare Exposures 2025 report, published on March 26, Claroty found that vulnerable smart medical devices – also known as Internet-of-Medical-Things (IoMT) devices – are present in the systems of 89% of healthcare organizations.
These devices are exposed on the internet and carry vulnerabilities known to be exploited in active ransomware campaigns.
Additionally, the report showed that these vulnerable IoMT devices are connected to 20% of hospital information systems (HIS) and 8% of imaging systems (e.g. X-rays, CT scans, MRI, ultrasound).
Moreover, when considering all IoMT devices with known exploited vulnerabilities – not only those linked to ransomware campaigns and online exposure – the company has found that a staggering 99% of healthcare organizations have at least some of these vulnerable devices in their systems. These account for approximately 9% of the total IoMT devices in use.
The exposure of vulnerable operational technology (OT) devices appears less significant in healthcare organizations: only 0.3% (1,763) of the OT devices present in healthcare systems were found to be both exposed on the internet and carrying known exploited vulnerabilities.
Ty Greenhalgh, Industry Principal for Healthcare at Claroty, commented: “Hospitals are under immense pressure to digitally transform while ensuring the security of critical systems that support patient care. […] To counter these threats, healthcare security leaders must take an exposure-centric approach—prioritizing the most critical vulnerabilities and aligning remediation efforts with industry guidelines like the HHS’ HPH Cyber Performance Goals—to protect patient safety and ensure operational continuity.”
For this report, Claroty analyzed over 647,000 operational technology (OT) devices and 2.5 million IoMT devices across 351 healthcare organizations.