Healthcare organizations are facing serious threats from ransomware groups, with nearly nine-in-ten (89%) found to have medical devices that are vulnerable to exploits.
That's according to research from Claroty, which examined the state of security among healthcare organizations — and the diagnosis isn't good.
The report found that effectively all (99%) of healthcare organizations have at least one known, actively exploited vulnerability in their networks, with 78% of operational devices such as power supplies, temperature controls, and building management systems found to have a known exploited vulnerability.
Even imaging systems such as X-rays, CT scanners, MRIs, and ultrasound machines are at risk, with 8% of those examined found to have known flaws. A further 20% of hospital information systems also featured known vulnerabilities.
Beyond those known flaws, Claroty warned that healthcare organizations put themselves at risk of a security incident with insecure connections, using default passwords or hard coded credentials, and leaving data in cleartext.
Researchers advised companies to scope out what critical processes and devices could be impacted, follow a cybersecurity framework that considers the business impact and exploitability of exposures, and rollout mitigations and patches.
"We urge organizations to focus on the exposures that matter most: KEVs, KEVs linked to ransomware, and insecure connectivity," the report said.
Rise in ransomware attacks
The warning to address these known flaws comes amid a string of attacks against healthcare organizations, with analysis showing there had been 884 security incidents in the sector between January 2023 and February 2025.
The attacks have continued, with Sunflower Medical Group recently warning patient data had been accessed in a breach earlier this month.
Two of the biggest attacks in the healthcare space have been pinned on Russian ransomware gangs. Ascension, a private healthcare provider in the US, admitted a breach in May 2024 that caused $1.8 billion in losses following an attack attributed to Russian group Black Basta.
Earlier that year, Change Healthcare is believed to have paid out a $22 million ransom, the report noted, in an attack attributed to Russian group BlackCat.
Hospitals and other healthcare organizations are major targets because they are among the critical infrastructure targets most likely to meet ransom demands, the Claroty report noted.
Indeed, a previous report by Claroty, which surveyed 1,100 cybersecurity leaders globally, found that 78% of organizations in the healthcare sector reported making a ransomware payment above half a million dollars.
Meanwhile, more than a third shelled out more than $1 million.
"Ransomware and other attacks against hospitals are in reality attacks against patients, their safety, and the integrity and availability of care," the report added.
"The threat is real as the hundreds of incidents in the last half-decade bear out — and it’s getting complex. Attackers are targeting not only hospitals, but the supply chain, payment processors, and other third-party organizations in the sector."
MORE FROM ITPRO
- February was the worst month on record for ransomware attacks
- Building ransomware resilience to avoid paying out
- CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
US healthcare firm postponed procedures after cyber attack knocked systems offlineNews The incident at Kettering Health disrupted procedures for patients
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
US healthcare data breaches are out of control – over 400 million patient records have been exposed in the last two yearsNews There's been a huge surge in the number of healthcare data breaches in recent years
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
More than 5 million Americans just had their personal information exposed in the Yale New Haven Health data breach – and lawsuits are already rolling inNews A data breach at Yale New Haven Health has exposed data belonging to millions of people – and lawsuits have already been filed.
-
Healthcare organizations are turning a blind eye to phishing attacksNews A survey reveals that most attacks go unreported, putting patient data at risk
