Full Report
Claroty, a cyber-physical systems protection firm, analyzed over 2.25 million Internet of Medical Things (IoMT) devices and more... The post Claroty reports alarming IoMT, OT device risks as critical vulnerabilities found in 99% of healthcare networks appeared first on Industrial Cyber.
Analysis Summary
This summary is based on the provided context regarding a report by Claroty on the cybersecurity posture of healthcare organizations, focusing on IoMT and OT devices. **Note:** The provided article describes general findings and observed risks across the sector based on a survey; it does *not* detail specific, named vulnerabilities (CVEs) with associated CVSS scores, patched versions, or specific exploit details. Therefore, the CVE-related fields are marked as "Not specified in context."
# Vulnerability: Widespread Known Exploited Vulnerabilities (KEVs) in Healthcare IoT/OT
## CVE Details
- CVE ID: Not specified in context (Report details pervasive KEVs, but no specific CVEs are listed)
- CVSS Score: Not specified in context
- CWE: Not specified in context
## Affected Systems
- Products: Internet of Medical Things (IoMT) devices, Operational Technology (OT) infrastructure (including Building Automation Systems (BMS), controllers, sensors, PDU), Hospital Information Systems (HIS).
- Versions: Legacy/unsupported technology and outdated operating systems across fleets.
- Configurations: Devices insecurely connected to the internet; devices with KEVs linked to active ransomware campaigns.
## Vulnerability Description
The analysis of over 2.25 million IoMT and 647,000 OT devices across 351 healthcare organizations revealed a systemic issue with known exploited vulnerabilities (KEVs). 99% of organizations had KEVs present. Specifically, 89% operate medical systems susceptible to publicly available exploits (often used by ransomware groups) due to insecure internet connectivity. Many devices are legacy, unsupported, and were not designed with security in mind. The most critical risk involves the riskiest 1% of IoMT devices carrying KEVs linked to active ransomware campaigns. Compromised OT systems, such as BMS, pose a severe threat, potentially disrupting critical functions like temperature-controlled medication storage or elevator operations, directly impacting patient care.
## Exploitation
- Status: Confirmed Known Exploited Vulnerabilities (KEVs) present across 99% of analyzed organizations; KEVs linked to active ransomware campaigns found.
- Complexity: Not specified. The prevalence of KEVs with publicly available exploits, combined with insecure configurations, implies that exploitation is within reach of current threat actors.
- Attack Vector: Network (implied). Insecure internet connectivity is described as the primary path to initial compromise preceding ransomware deployment.
## Impact
- Confidentiality: High (HIS systems managing clinical patient data are affected, risk of data loss/theft reported)
- Integrity: High (Potential for manipulation of clinical/operational systems like BMS)
- Availability: Critical (Attacks lead to canceled procedures, patient diversion, and inability to access digital records, jeopardizing patient care continuity)
## Remediation
### Patches
- Specific patches are not detailed. **Challenge:** Patching medical devices often requires validation from manufacturers and the FDA, creating a slow "tug-of-war" that security leaders cannot control.
- **General Guidance:** Prioritize remediation for the 0.3% of OT devices with confirmed KEVs linked to ransomware *and* insecure connectivity.
### Workarounds
- Adopt an **exposure-centric approach** that includes **compensating controls**, especially for vulnerable medical devices awaiting vendor/FDA patch approval.
- Secure environments by restricting insecure connectivity to the internet.
- Address non-vulnerability exposures: eliminating default passwords, hardcoded credentials, and insecure communication protocols.
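The prioritisation rule above (KEV present, linked to active ransomware, *and* insecurely reachable from the internet) and the compensating-control items can be expressed as a simple triage routine over an asset inventory. The following is an added illustration, not Claroty's tooling or the report's methodology; the inventory records, the KEV catalogue entries and the CVE identifiers are constructed placeholders, and the field names (`internet_reachable`, `default_credentials`, `insecure_protocols`, `vendor_supported`) are assumptions about what an inventory export would carry.

```python
"""Exposure-centric triage of an IoMT/OT asset inventory.

Added example; not code from the report or the vendor. All records,
KEV entries and CVE ids below are constructed placeholders.
"""
from dataclasses import dataclass, field
from collections import Counter


@dataclass
class Asset:
    asset_id: str
    category: str                      # "IoMT", "OT" or "HIS" (assumed labels)
    cves: list[str] = field(default_factory=list)
    internet_reachable: bool = False   # insecure direct connectivity to the internet
    default_credentials: bool = False
    insecure_protocols: list[str] = field(default_factory=list)
    vendor_supported: bool = True      # False = legacy/unsupported, patch unlikely


# Constructed KEV catalogue: placeholder ids, not real CVEs. "ransomware" marks
# entries the catalogue ties to active ransomware campaigns.
KEV_CATALOG: dict[str, dict[str, bool]] = {
    "CVE-0000-00001": {"ransomware": True},
    "CVE-0000-00002": {"ransomware": False},
}


def kev_status(asset: Asset) -> tuple[list[str], bool]:
    """Return the asset's CVEs that appear in the KEV catalogue and whether any
    of them is linked to ransomware."""
    kevs = [c for c in asset.cves if c in KEV_CATALOG]
    ransomware = any(KEV_CATALOG[c]["ransomware"] for c in kevs)
    return kevs, ransomware


def priority_tier(asset: Asset) -> int:
    """Tier 1 = the report's top-priority slice: ransomware-linked KEV on a
    device with insecure internet connectivity. Lower tiers relax one
    condition at a time; tier 4 has no KEV at all."""
    kevs, ransomware = kev_status(asset)
    if kevs and ransomware and asset.internet_reachable:
        return 1
    if kevs and asset.internet_reachable:
        return 2
    if kevs:
        return 3
    return 4


def compensating_controls(asset: Asset) -> list[str]:
    """Non-patch actions: connectivity restriction and the non-vulnerability
    exposures (default credentials, insecure protocols), plus segmentation
    for unsupported devices that cannot be patched promptly."""
    controls = []
    if asset.internet_reachable:
        controls.append("remove or broker direct internet reachability")
    if asset.default_credentials:
        controls.append("replace default credentials")
    for proto in asset.insecure_protocols:
        controls.append(f"restrict or tunnel insecure protocol {proto}")
    if kev_status(asset)[0] and not asset.vendor_supported:
        controls.append("segment: KEV on unsupported device awaiting vendor/FDA patch approval")
    return controls


def prioritise(assets: list[Asset]) -> list[tuple[str, int, list[str]]]:
    """Inventory sorted by tier, each asset paired with its control list."""
    ranked = sorted(assets, key=lambda a: (priority_tier(a), a.asset_id))
    return [(a.asset_id, priority_tier(a), compensating_controls(a)) for a in ranked]


def tier_fractions(assets: list[Asset]) -> dict[int, float]:
    """Share of the fleet in each tier, the kind of figure the report quotes
    (e.g. the riskiest 1% / 0.3% of devices)."""
    counts = Counter(priority_tier(a) for a in assets)
    return {tier: counts[tier] / len(assets) for tier in sorted(counts)}


# Constructed sample inventory (placeholder ids and values).
SAMPLE_INVENTORY = [
    Asset("ot-bms-01", "OT", ["CVE-0000-00001"], internet_reachable=True, vendor_supported=False),
    Asset("iomt-pump-07", "IoMT", ["CVE-0000-00002"], internet_reachable=True, default_credentials=True),
    Asset("iomt-imaging-03", "IoMT", ["CVE-0000-00001"], internet_reachable=False),
    Asset("his-db-01", "HIS", [], insecure_protocols=["telnet"]),
    Asset("ot-pdu-02", "OT", ["CVE-0000-09999"]),   # CVE not in the KEV catalogue
]

if __name__ == "__main__":
    for asset_id, tier, controls in prioritise(SAMPLE_INVENTORY):
        print(f"tier {tier}  {asset_id:16s}  {'; '.join(controls) or '-'}")
    print(tier_fractions(SAMPLE_INVENTORY))
```

The ordering deliberately puts reachability ahead of the KEV's ransomware linkage once a KEV is present: an unreachable device with a ransomware-linked KEV (`iomt-imaging-03`) lands in tier 3, below a reachable device whose KEV has no ransomware link, because connectivity is the condition the organisation can change without waiting on a vendor patch.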
## Detection
- **Indicators of Compromise (IoCs):** Not explicitly listed. Relevant activity would include exploitation attempts against the known KEVs, unusual lateral movement within OT/IoMT segments, and ransomware extortion attempts.
- **Detection Methods and Tools:** Focus on asset identification, validation of external reachability, and implementation of controls aligned with the HHS HPH Cyber Performance Goals.
## References
- Vendor Advisories: Claroty Research Report: ‘State of CPS Security: Healthcare Exposures 2025’
- Relevant Links:
  - hxxps://industrialcyber.co/vndrs/claroty/
  - hxxps://industrialcyber.co/medical/microsoft-highlights-cybersecurity-crisis-in-rural-hospitals-urges-enhanced-measures-to-bolster-healthcare-resilience/
  - hxxps://industrialcyber.co/medical/fbi-healthcare-agencies-warn-of-credible-threat-against-hospitals-after-multi-city-social-media-terror-plot-alert/
  - hxxps://www.prnewswire.com/news-releases/new-research-from-clarotys-team82-highlights-riskiest-medical-device-exposures-in-healthcare-environments-302411504.html
  - hxxps://industrialcyber.co/threats-attacks/clarotys-team82-highlights-ot-cybersecurity-risks-due-to-excessive-remote-access-tools/
  - hxxps://industrialcyber.co/medical/forescout-widens-research-on-silver-fox-hackers-reveals-malware-clusters-targeting-healthcare-through-dicom-hl7-exploits/
  - hxxps://industrialcyber.co/ransomware/kelas-cyber-intelligence-center-details-more-insights-on-black-bastas-ransomware-tactics-victim-selection-strategies/