99% of healthcare systems have exploitable vulnerabilities, new report warns
- Marijan Hassan - Tech Journalist
- Apr 1
- 2 min read
Updated: Apr 2
A new report has revealed an alarming detail about the cybersecurity posture of healthcare organizations. An overwhelming 99% possess at least one known security vulnerability that is actively being exploited. The research, conducted by cybersecurity firm Claroty, paints a concerning picture of the sector's preparedness against the rising tide of ransomware attacks.

The report, which examined the state of security across numerous healthcare entities, found that nearly nine in ten (89%) organizations have medical devices susceptible to exploitation. This vulnerability extends beyond just medical equipment, with a staggering 78% of operational technology (OT) devices, such as power supplies, temperature controls, and building management systems, also found to have known exploited vulnerabilities.
Even critical imaging systems like X-rays, CT scanners, MRIs, and ultrasound machines are not immune, with 8% identified as having known flaws. Furthermore, 20% of hospital information systems were also found to contain known vulnerabilities, creating multiple entry points for malicious actors.
Beyond these identified weaknesses, Claroty cautioned that healthcare organizations are compounding their risk by employing insecure connections, utilizing default or hardcoded credentials, and leaving sensitive data unencrypted in cleartext. These basic security oversights further broaden the attack surface for cybercriminals.
Healthcare stands as a top target for cybercriminals
The timing of this report is particularly critical as the healthcare sector continues to be heavily targeted by ransomware groups. Claroty's analysis indicates a significant surge in attacks, with 884 security incidents recorded between January 2023 and February 2025. Recent incidents, such as the data breach at Sunflower Medical Group earlier this month, underscore the ongoing threat.
The report highlights the devastating impact of these attacks, referencing two incidents that happened last year:
- In May 2024, US-based healthcare provider Ascension suffered a breach that led to $1.8 billion in losses following an attack by the Black Basta ransomware group.
- Earlier in 2024, Change Healthcare reportedly paid a $22 million ransom to the BlackCat ransomware group.
Claroty's findings suggest that hospitals and healthcare organizations are prime targets for ransomware due to their critical infrastructure status and a higher propensity to meet ransom demands to ensure the continuity of patient care.
A previous Claroty survey revealed that 78% of healthcare organizations have made ransomware payments exceeding half a million dollars, with over a third paying more than $1 million.
Mitigation
In light of these alarming findings, Claroty has urged healthcare organizations to prioritize addressing the most critical exposures, particularly known exploited vulnerabilities (KEVs, flaws confirmed to be actively exploited in the wild) and those linked to ransomware attacks. They also emphasized the importance of securing network connections.
The report advises organizations to thoroughly assess their critical processes and devices, adopt a cybersecurity framework that considers both business impact and exploitability, and implement necessary mitigations and patches.
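As an added illustration (not code from Claroty or from this article), the following Python sketch applies the prioritization the report recommends to a constructed asset inventory: known-exploited and ransomware-linked CVEs, default credentials and cleartext protocols are weighted by exploitability and then scaled by business impact. All asset names, CVE identifiers and weights are constructed placeholders, not real data.

```python
# Added example: rank a constructed healthcare asset inventory by the
# criteria the Claroty report names (KEV status, ransomware linkage,
# insecure connections, default credentials, business impact).
from dataclasses import dataclass, field

# Constructed sample catalogues; the CVE ids are placeholders, not real ones.
KEV_CATALOG = {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0003"}
RANSOMWARE_LINKED = {"CVE-EXAMPLE-0001"}

@dataclass
class Asset:
    name: str
    category: str                 # e.g. "imaging", "ot", "his", "medical_device"
    cves: list = field(default_factory=list)
    default_creds: bool = False   # default or hardcoded credentials in use
    cleartext_protocol: bool = False  # unencrypted network connection
    business_impact: int = 1      # 1 (low) .. 5 (patient-safety critical)

def score(asset: Asset) -> int:
    """Exploitability-weighted score: ransomware-linked and KEV entries
    dominate, hygiene gaps add on top, and the sum is scaled by impact."""
    exploitability = 0
    for cve in asset.cves:
        if cve in RANSOMWARE_LINKED:
            exploitability += 10
        elif cve in KEV_CATALOG:
            exploitability += 6
        else:
            exploitability += 1   # known flaw, no evidence of active exploitation
    if asset.default_creds:
        exploitability += 4
    if asset.cleartext_protocol:
        exploitability += 2
    return exploitability * asset.business_impact

def prioritise(assets):
    """Return the assets ordered from most to least urgent to remediate."""
    return sorted(assets, key=score, reverse=True)

# Constructed inventory (placeholder device names).
INVENTORY = [
    Asset("mri-01", "imaging", ["CVE-EXAMPLE-0002"], business_impact=5),
    Asset("hvac-ctrl-3", "ot", ["CVE-EXAMPLE-0003"], default_creds=True, business_impact=2),
    Asset("infusion-pump-7", "medical_device", ["CVE-EXAMPLE-0001"], cleartext_protocol=True, business_impact=4),
    Asset("his-db", "his", [], business_impact=5),
]

if __name__ == "__main__":
    for a in prioritise(INVENTORY):
        print(f"{score(a):4d}  {a.name:16s} {a.category}")
```

Note that the high-impact MRI with only a non-exploited flaw ranks below a low-impact OT controller carrying a KEV plus default credentials, which is the ordering the report's "exploitability first" advice produces.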
"Ransomware and other attacks against hospitals are in reality attacks against patients, their safety, and the integrity and availability of care," the report stated. "The threat is real as the hundreds of incidents in the last half-decade bear out — and it’s getting complex. Attackers are targeting not only hospitals, but the supply chain, payment processors, and other third-party organizations in the sector."