Over 50% of Hospital IoT Devices Contain Known Critical Vulnerabilities

In recent years, ransomware operators have increasingly targeted healthcare institutions, making hospitals and the medical sector a primary focus for cyberattacks. The unprecedented surge in attacks on medical facilities has prompted cybersecurity experts to pay closer attention to critical vulnerabilities in hospital equipment.

Researchers from Cynerio have investigated this issue, noting that the risks associated with “smart” devices used in healthcare settings are often underestimated. According to Cynerio’s report, 53% of hospital IoT (Internet of Things) devices have known critical vulnerabilities. Even more concerning, one-third of bedside devices—those most vital to patient care—are also affected by serious security issues.

If attackers exploit these vulnerabilities, they could disrupt equipment operation, compromise confidential data, and even endanger patients’ health and lives.

Infusion Pumps: A Major Source of Risk

Infusion pumps, among the most common devices in healthcare, account for a significant portion of the risk. The report found that 73% of these devices have issues related to bugs and vulnerabilities.

Outdated Operating Systems and Default Passwords

The Cynerio team also highlighted the serious threat posed by outdated versions of the Windows operating system, which currently run on the majority of devices in medical facilities. Additionally, the continued use of default passwords remains a major concern. All staff working with devices in hospitals and clinics are strongly urged to discontinue this practice immediately.