European cybersecurity company Modat has revealed that more than 1.2 million online healthcare devices and networks are exposed to the internet — leaving highly sensitive patient data unprotected. Using its scanning platform Modat Magnify, the company uncovered vulnerabilities in over 70 types of medical devices, from MRI machines and X-ray systems to hospital management platforms. Leaked data included medical scans, blood tests, and patients’ personal identifiable information.
Healthcare devices exposed
Modat Magnify, created by and for cybersecurity experts, is a scanning platform that was used by Modat to identify internet-connected devices that were vulnerable and misconfigured — from water control systems to traffic controls. The research conducted on healthcare networks and devices revealed that many systems lacked even basic login protection or relied on weak manufacturer-set passwords. As a result, patient scans and records — including brain MRIs and dental X-rays complete with names and dates — were left openly accessible.
Global security issue
The top affected regions are the USA (174K+), Europe and South Africa (172K+) where the highest number of data was exposed. Other countries such as Australia (111K+) and Brazil (82K+) also scored relatively high with their data exposure — demonstrating the global concern and urgency to address the problem. In many cases, these systems lacked any form of login protection. Others did not have authentication but relied on weak or default passwords set by manufacturers.
"This represents a significant and pervasive challenge with global implications. Our research has identified substantial numbers of exposed healthcare systems, and this trend continues to expand as we conduct more analysis. The scale and accessibility of these vulnerabilities suggest that malicious actors likely possess the same capabilities, creating considerable risk for the healthcare sector.”
Risks of revealed medical data
Vulnerable and misconfigured medical systems risk more than data theft: they can serve as entry points for ransomware attacks. Cybercriminals often target healthcare systems, knowing hospitals cannot afford downtime. These weaknesses expose sensitive patient records, including those of high-profile individuals, to unauthorized access, manipulation, and misuse — posing serious privacy and security risks.
Coordinated response to healthcare vulnerabilities
Modat engaged in responsible disclosure by reaching out to several relevant organisations, including Health-ISAC and Z-CERT in the Netherlands — to address the affected organisations and assist with fixing these security breaches. Health-ISAC publishes hundreds of Targeted Alerts every year to organisations globally warning them of high risks specific to their network and cooperated with Modat to responsibly disclose its research findings to healthcare organisations— ensuring the problem is circulated to many impacted institutions globally.
"The findings from Modat underscore a critical and pervasive challenge facing healthcare globally. We consistently emphasize that cybersecurity is inextricably linked to patient safety and operational continuity. This research reinforces the urgent need for comprehensive asset visibility, robust vulnerability management, and a proactive approach to securing every internet-connected device in healthcare environments, ensuring that sensitive patient data remains protected from unauthorized access and potential exploitation."
Healthcare breaches in The Netherlands
In the Netherlands, Z-CERT is active in the effort to prevent and reduce the impact of cyber incidents in healthcare — providing incident prevention, threat monitoring, and rapid response to cyber threats targeting healthcare institutions. The data collected by Modat allowed Z-CERT to notify Dutch healthcare providers whose systems were potentially exposed.
An example of a cybersecurity incident within the Dutch healthcare sector is the recent cybersecurity incident at ‘Bevolkingsonderzoek Nederland’ — where a data breach leaked the sensitive personal data of over 941.000 persons.
"These extra sets of eyes help us keep Dutch healthcare digitally secure. Thanks to their findings we have been able to inform and advise several healthcare organizations in the Netherlands.”
Responsible disclosure for the future
The research recommends that healthcare organisations carry out regular security checks and keep an up-to-date inventory of all connected devices. Ongoing monitoring is crucial to detect vulnerabilities, exposure points, or misconfigured systems. By staying proactive, healthcare facilities can greatly reduce their risk. As telemedicine grows and more devices connect to networks, securing digital infrastructure becomes more important than ever.
Modat - European cybersecurity company
Read more
Research in The Hague: How to prevent curious youngsters from becoming cybercriminals?
How do young, curious computer enthusiast become hackers or cybercriminals? How do gamers who want to take revenge on other gamers fall into the hands of online criminal networks? And if you know that, how do you prevent this?
How to prevent 200+ NGOs in The Hague from shutting down after a cyberattack
More than 1 billion people across the world receive vital support and services from non- governmental organizations (NGOs). These organizations are enormously vulnerable for cyberattacks because of their core focus to help. Only 1 in 10 NGOs are training their staff in cybersecurity. That makes most of them easy targets. All over the world hundreds of cyber attacks have been reported on all kinds of aid, humanitarian and health care organizations.
Why satellite cybersecurity is necessary and effective
In a world reliant on satellite technology, securing space-based infrastructure is essential to building a safer global community. Globals Inc., founded in Bengaluru, India, specialises in protecting satellites from escalating cyber threats. Their recent expansion to The Hague, the city renowned for its commitment to innovation, peace, and justice, opens new opportunities to strengthen the space economy.
More of Cybersecurity
The Hague’s digital contribution of ‘Crime Scene Investigation’ solutions
Read article The Hague’s digital contribution of ‘Crime Scene Investigation’ solutions