Healthcare organizations are facing serious threats from ransomware groups, with nearly nine-in-ten (89%) found to have medical devices that are vulnerable to exploits.
That's according to research from Claroty, which examined the state of security among healthcare organizations — and the diagnosis isn't good.
The report found that effectively all (99%) of healthcare organizations have at least one known, actively exploited vulnerability in their networks, with 78% of operational devices such as power supplies, temperature controls, and building management systems found to have a known exploited vulnerability.
Even imaging systems such as X-rays, CT scanners, MRIs, and ultrasound machines are at risk, with 8% of those examined found to have known flaws. A further 20% of hospital information systems also featured known vulnerabilities.
Beyond those known flaws, Claroty warned that healthcare organizations put themselves at risk of a security incident with insecure connections, using default passwords or hard coded credentials, and leaving data in cleartext.
Researchers advised companies to scope out what critical processes and devices could be impacted, follow a cybersecurity framework that considers the business impact and exploitability of exposures, and rollout mitigations and patches.
"We urge organizations to focus on the exposures that matter most: KEVs, KEVs linked to ransomware, and insecure connectivity," the report said.
Rise in ransomware attacks
The warning to address these known flaws comes amid a string of attacks against healthcare organizations, with analysis showing there had been 884 security incidents in the sector between January 2023 and February 2025.
The attacks have continued, with Sunflower Medical Group recently warning patient data had been accessed in a breach earlier this month.
Two of the biggest attacks in the healthcare space have been pinned on Russian ransomware gangs. Ascension, a private healthcare provider in the US, admitted a breach in May 2024 that caused $1.8 billion in losses following an attack attributed to Russian group Black Basta.
Earlier that year, Change Healthcare is believed to have paid out a $22 million ransom, the report noted, in an attack attributed to Russian group BlackCat.
Hospitals and other healthcare organizations are major targets because they are among the critical infrastructure targets most likely to meet ransom demands, the Claroty report noted.
Indeed, a previous report by Claroty, which surveyed 1,100 cybersecurity leaders globally, found that 78% of organizations in the healthcare sector reported making a ransomware payment above half a million dollars.
Meanwhile, more than a third shelled out more than $1 million.
"Ransomware and other attacks against hospitals are in reality attacks against patients, their safety, and the integrity and availability of care," the report added.
"The threat is real as the hundreds of incidents in the last half-decade bear out — and it’s getting complex. Attackers are targeting not only hospitals, but the supply chain, payment processors, and other third-party organizations in the sector."
MORE FROM ITPRO
- February was the worst month on record for ransomware attacks
- Building ransomware resilience to avoid paying out
- CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
