More than 1.2 million internet-connected medical devices, including MRI and CT scanners, blood test systems, DICOM viewers, and hospital management systems, had misconfigurations that exposed sensitive patient data, Cybernews reports.
Most of the vulnerable medical systems were in the U.S., followed by South Africa and Australia, with each of those countries having more than 100,000 exposed devices, according to findings from Modat, a European cybersecurity firm. Beyond allowing access to various medical information, some systems also allowed unauthorized editing. Insecure credentials, including default passwords, were also evident in numerous systems, while some were in use with unpatched issues and obsolete software. "The primary risk is unnecessary network exposure. These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access," said Modat, which warned of the possibility of ransomware attacks, as well as the threat of fraud and blackmail to individuals whose information had been leaked.
