Healthcare organizations are facing serious threats from ransomware groups, with nearly nine-in-ten (89%) found to have medical devices that are vulnerable to exploits.
That's according to research from Claroty, which examined the state of security among healthcare organizations — and the diagnosis isn't good.
The report found that effectively all (99%) of healthcare organizations have at least one known, actively exploited vulnerability in their networks, with 78% of operational devices such as power supplies, temperature controls, and building management systems found to have a known exploited vulnerability.
Even imaging systems such as X-rays, CT scanners, MRIs, and ultrasound machines are at risk, with 8% of those examined found to have known flaws. A further 20% of hospital information systems also featured known vulnerabilities.
Beyond those known flaws, Claroty warned that healthcare organizations put themselves at risk of a security incident with insecure connections, using default passwords or hard coded credentials, and leaving data in cleartext.
Researchers advised companies to scope out what critical processes and devices could be impacted, follow a cybersecurity framework that considers the business impact and exploitability of exposures, and rollout mitigations and patches.
"We urge organizations to focus on the exposures that matter most: KEVs, KEVs linked to ransomware, and insecure connectivity," the report said.
Rise in ransomware attacks
The warning to address these known flaws comes amid a string of attacks against healthcare organizations, with analysis showing there had been 884 security incidents in the sector between January 2023 and February 2025.
The attacks have continued, with Sunflower Medical Group recently warning patient data had been accessed in a breach earlier this month.
Two of the biggest attacks in the healthcare space have been pinned on Russian ransomware gangs. Ascension, a private healthcare provider in the US, admitted a breach in May 2024 that caused $1.8 billion in losses following an attack attributed to Russian group Black Basta.
Earlier that year, Change Healthcare is believed to have paid out a $22 million ransom, the report noted, in an attack attributed to Russian group BlackCat.
Hospitals and other healthcare organizations are major targets because they are among the critical infrastructure targets most likely to meet ransom demands, the Claroty report noted.
Indeed, a previous report by Claroty, which surveyed 1,100 cybersecurity leaders globally, found that 78% of organizations in the healthcare sector reported making a ransomware payment above half a million dollars.
Meanwhile, more than a third shelled out more than $1 million.
"Ransomware and other attacks against hospitals are in reality attacks against patients, their safety, and the integrity and availability of care," the report added.
"The threat is real as the hundreds of incidents in the last half-decade bear out — and it’s getting complex. Attackers are targeting not only hospitals, but the supply chain, payment processors, and other third-party organizations in the sector."
MORE FROM ITPRO
- February was the worst month on record for ransomware attacks
- Building ransomware resilience to avoid paying out
- CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field dayNews February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
More than 300,000 US healthcare patients impacted in suspected Rhysida cyber attacksNews Two US healthcare organizations have warned threat actors were able to breach their internal systems, exposing more than 300,000 individuals.
-
‘It’s your worst nightmare’: A batch of €5 hard drives found at a flea market held 15GB of Dutch medical records – and experts warn it could’ve caused a disastrous data breachNews Robert Polet made a startling discovery after finding hard drives on sale for €5 each in a flea market.
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
