
Claroty’s State of CPS Security Report: Healthcare Exposures 2025

In this report, Team82 quantifies the riskiest and most exposed healthcare devices by considering not only the criticality of vulnerabilities in connected devices, but also whether devices contain known exploited vulnerabilities and are securely connected to the internet.

Hospitals and healthcare delivery organizations must manage a barrage of risks to connected medical devices and critical OT systems, protecting them from disruptions that could impact patient safety and the uninterrupted availability of patient care. 

This is the backdrop for Claroty’s latest State of CPS Security Report: Healthcare Exposures 2025. The goal of this report is to shed light on the riskiest exposures facing healthcare devices and networks, as well as OT within hospitals; to provide some context to help identify those assets most in jeopardy; and to demonstrate the number of devices that are not only burdened by known and exploited vulnerabilities, but are also most at risk of ransomware and extortion attacks and insecurely connected to the internet.


The aim is to provide security leaders with strategic recommendations that help them prioritize the most at-risk devices for remediation, and mitigate remaining threats moving forward. The risks CISOs in the sector must contend with will continue to pile up as more so-called internet of medical things (IoMT) devices come online, many of which were never designed with cybersecurity in mind. Attack surfaces figure to grow exponentially in the coming years with this newfound connectivity, which is attractive on many fronts to a variety of threat actors.

With that context, here are some key findings from the report, which is based upon an in-depth analysis of more than 2.25 million IoMT devices and more than 647,000 OT devices running inside 351 healthcare organizations. 

Known Exploited Vulnerabilities in Nearly Every Organization

  • CISOs must manage fleets of connected medical devices, some running on legacy operating systems that are no longer supported by the respective vendors with security and feature updates. That’s a worrisome situation given that our analysis uncovered devices containing known exploited vulnerabilities (KEVs) inside 99% of the organizations in our dataset. Devices with KEVs linked to ransomware and also insecurely connected to the internet were found in 89% of organizations we analyzed. These organizations have the top 1% of riskiest IoMT devices in our dataset.

Hospital Imaging Systems Most At-Risk Device Category

  • Imaging systems—X-rays, CT scans, MRI, ultrasound, and more—are the riskiest individual device category among those we analyzed. We found that 8% of imaging systems carry KEVs linked to ransomware, and those devices are also insecurely connected online; 85% of HDOs in our data set are impacted.

Hospital Information Systems Plagued with KEVs

  • 20% of hospital information systems—most of which are Windows systems—that manage clinical patient data, as well as administrative and financial information, are subject to KEVs linked to ransomware and are insecurely connected to the internet. Close to 60% of organizations we looked at are affected. 

Quantifying the Most At-Risk Devices

Our report looks closely at IoMT devices directly linked to patient care, from imaging systems to patient and surgical devices, clinical lab, and clinical IoT. Overall, IoMT devices, especially those running on legacy Windows and Linux operating systems that may no longer be supported with security or feature updates, are at particular risk. 

We confirmed, for example, that 28% of imaging devices contain KEVs; those devices are spread across 99% of the organizations in our data set. We also confirmed that 7% of imaging devices contain KEVs used in publicly known ransomware attacks and are also insecurely connected to the internet. 


These are consequential issues given that imaging systems are an essential diagnostic tool and inform patient treatment plans. A successful cyberattack that impacts imaging systems can devastate triage efforts, and any re-routing of patients to other facilities because of an inability to conduct proper imaging can add significant delays to care and put lives at risk.

Patient devices—including patient monitors, ECG, fetal monitors, and other critical devices—represent the largest subset of data. We found that 86% of organizations have patient devices with confirmed KEVs. More than 70% of devices have KEVs used in ransomware attacks and are also insecurely connected online. 

OT at Risk in the Healthcare Sector

OT inside a hospital is often represented by building automation and management systems that oversee everything from elevators to refrigeration for medications. A compromised BMS could be devastating to patient care and cause unacceptable delays.

We analyzed more than 647,000 OT devices in our dataset, and found that 78% of organizations have OT with KEVs, and 65% are managing devices that have confirmed KEVs and are also insecurely connected to the internet.

Cybersecurity leadership in hospitals and HDOs must understand where their riskiest connected systems are and their levels of exposure. Our goal in this report is to identify those assets most in jeopardy, and to demonstrate the number of devices that are not only burdened by known and exploited vulnerabilities, but are also most at risk of ransomware and extortion attacks and insecurely connected to the internet.

You can access the full report here.
