Full Report
Claroty revealed that 89% of healthcare organizations use the top 1% of riskiest Internet-of-Medical-Things (IoMT) devices
Analysis Summary
# Vulnerability: Pervasive Use of Vulnerable IoMT Devices in Healthcare
## CVE Details
- CVE ID: Not specified in the article (The article discusses a trend based on a report, not a single, specific CVE).
- CVSS Score: Not applicable (The article describes a landscape of issues, not a single vulnerability score).
- CWE: Generic weaknesses affecting IoT/IoMT devices (Likely includes insecure default credentials, outdated software, poor network segregation).
## Affected Systems
- Products: Internet-of-Medical-Things (IoMT) devices, general Operational Technology (OT) devices.
- Versions: Unspecified; the finding relates to devices that possess known exploited vulnerabilities.
- Configurations: Devices exposed to the internet; devices connected to Hospital Information Systems (HIS) and imaging systems.
## Vulnerability Description
A vast majority of healthcare organizations (89%) use IoMT devices with known vulnerabilities that are actively exploited in ransomware campaigns. Furthermore, 99% of organizations have at least some IoMT devices with *any* known exploited vulnerability, accounting for roughly 9% of the total IoMT inventory. The risk comes from what these vulnerable IoMT devices connect to: they connect to 20% of HIS and 8% of imaging systems.
## Exploitation
- Status: Vulnerabilities are known to be **Exploited in the wild** (specifically linked to ransomware campaigns).
- Complexity: Implied Medium to High due to potential network exposure, though complexity varies per specific device vulnerability.
- Attack Vector: Primarily **Network** access, given the exposure to the internet.
## Impact
The impact levels are generalized based on the threat context (ransomware and device exposure):
- Confidentiality: High (Potential access to sensitive patient/system data via compromised HIS connections).
- Integrity: High (Risk of data manipulation or device malfunction due to ransomware or exploitation).
- Availability: Critical (Ransomware targeting medical infrastructure directly impacts patient care delivery).
## Remediation
### Patches
- Specific patches are not detailed, as the article summarizes a risk landscape report by Claroty. Organizations must consult **device vendors** to apply firmware/software updates for identified IoMT devices possessing known exploited vulnerabilities.
### Workarounds
1. **Network Segmentation:** Immediately isolate vulnerable IoMT devices from the primary HIS and wider corporate/internet networks.
2. **Inventory Management:** Build a complete and accurate inventory of all IoMT and OT assets to identify devices with known vulnerabilities.
3. **Access Control:** Ensure strict access controls are applied to any device that is internet-exposed or connected to critical systems.
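The three workarounds above can be combined into one triage pass over an asset inventory. The following is an added example, not taken from the Claroty report or the article: the device names, the placeholder CVE ids, the inventory record layout and the four-level priority scheme are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed data: placeholder CVE ids mapped to "used in ransomware campaigns?"
KEV = {"CVE-PLACEHOLDER-0001": True, "CVE-PLACEHOLDER-0002": False}
CRITICAL = {"HIS", "imaging"}  # critical systems named in the summary above

@dataclass
class Device:  # hypothetical inventory record
    name: str
    cves: set
    internet_exposed: bool = False
    connects_to: set = field(default_factory=set)

def triage(dev, kev=KEV):
    """Return (priority, reasons): 0 = isolate first ... 3 = no known exploited CVE."""
    hits = sorted(dev.cves & set(kev))
    if not hits:
        return 3, []
    reasons = ["known exploited: " + c for c in hits]
    reach = sorted(dev.connects_to & CRITICAL)
    if dev.internet_exposed:
        reasons.append("internet-exposed")
    reasons += ["connects to " + s for s in reach]
    if not (dev.internet_exposed or reach):
        return 2, reasons  # already isolated: schedule the vendor update
    ransomware = any(kev[c] for c in hits)
    if ransomware:
        reasons.append("linked to ransomware campaigns")
    return (0 if ransomware else 1), reasons

def segmentation_plan(inventory):
    """Devices needing action, most urgent first."""
    rows = [(triage(d), d.name) for d in inventory]
    return sorted((p, name, why) for (p, why), name in rows if p < 3)

INVENTORY = [  # constructed sample inventory
    Device("patient-monitor-03", {"CVE-PLACEHOLDER-0001"}),
    Device("ultrasound-04", {"CVE-PLACEHOLDER-0003"}, internet_exposed=True),
    Device("pacs-gateway-02", {"CVE-PLACEHOLDER-0002"}, True, {"imaging"}),
    Device("infusion-pump-01", {"CVE-PLACEHOLDER-0001"}, False, {"HIS"}),
]

if __name__ == "__main__":
    for prio, name, why in segmentation_plan(INVENTORY):
        print(f"P{prio} {name}: {'; '.join(why)}")
```

In practice the `KEV` mapping would be loaded from a known-exploited-vulnerabilities feed and the inventory from an asset discovery tool; both are hard-coded here so the example runs offline.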
## Detection
- Indicators of Compromise (IoCs): Network traffic indicative of ransomware activity originating from or targeting subnetworks containing IoMT devices.
- Detection Methods and Tools: Asset inventory tools capable of identifying IoMT/OT assets; network monitoring solutions analyzing ingress/egress traffic for IoMT devices; specific vulnerability scanning tools validated against medical device CVE databases (e.g., FDA database, vendor advisories).
## References
- Claroty State of CPS Security: Healthcare Exposures 2025 report (Published March 26, 2025).
- Vendor advisories for specific IoMT product lines addressing recent threat intelligence.
- Relevant links - defanged: hxxps://www.infosecurity-magazine.com/news/healthcare-vulnerable-iot-devices/