Claroty’s 2025 State of CPS Security report analyzes millions of connected medical and operational devices to identify the most critical cybersecurity exposures in healthcare organizations.
Claroty, a cyber-physical systems protection company, released new research on the riskiest exposures to connected medical devices most coveted for exploitation by adversaries.
Based on analysis of over 2.25 million Internet of Medical Things (IoMT) and 647,000-plus operational technology (OT) devices across 351 healthcare organizations, the “State of CPS Security: Healthcare Exposures 2025” report found 89% of organizations have the top 1% of riskiest IoMT devices—which contain known exploitable vulnerabilities linked to active ransomware campaigns as well as an insecure connection to the internet—on their networks.
These figures represent a highly targeted, critical area where most security teams should prioritize their remediation efforts.
Medical Assets at Risk
As cyberattacks in the healthcare sector continue to rise in severity and the resources to prevent them remain limited, this report illuminates the medical assets at high risk for ransomware, extortion attacks, and attacks exploiting insecure internet connections. Claroty’s Team82 analyzed the challenges that hospitals and healthcare delivery organizations face when identifying which vulnerabilities and exposures in medical and OT devices to prioritize for remediation.
The report details risk exposures in several key areas—hospital information systems, IoMT devices like imaging, patient equipment, and hospital OT systems. With disruptions to operational continuity and patient care delivery being key concerns, the report focused on a specific combination of medical device risk factors: the presence of known exploitable vulnerabilities, those known exploitable vulnerabilities being linked to ransomware, and an insecure internet connection.
This represents an apex of exposures that together pose a real, imminent danger to healthcare organizations, according to a release from Claroty. “These are the most accessible entry points for threat actors into a healthcare network, and are present in nearly every organization analyzed. Taking an exposure management-based approach to risk reduction yields a subset of devices that is manageable enough for organizations to prioritize actual, not theoretical, areas of risk,” the company says in a release.
Imaging the Riskiest Medical Device Category
Key findings from the report include:
- 9% of IoMT devices contain confirmed known exploitable vulnerabilities in their systems, impacting 99% of organizations.
- 1% of IoMT devices carry known exploitable vulnerabilities linked to active ransomware campaigns and insecure internet connectivity, impacting 89% of organizations.
- 8% of imaging systems (X-rays, CT scans, MRI, ultrasound, and more) have known exploitable vulnerabilities linked to ransomware and insecure internet connectivity—making this the riskiest medical device category—impacting 85% of organizations.
- 20% of HIS, which manage clinical patient data, as well as administrative and financial information, have known exploitable vulnerabilities linked to ransomware and insecure internet connectivity, impacting 58% of organizations.
“Hospitals are under immense pressure to digitally transform while ensuring the security of critical systems that support patient care,” says Ty Greenhalgh, industry principal for healthcare at Claroty, in a release. “Cybercriminals, especially ransomware groups, exploit outdated technology and insecure connectivity to gain footholds in hospital networks. To counter these threats, healthcare security leaders must take an exposure-centric approach—prioritizing the most critical vulnerabilities and aligning remediation efforts with industry guidelines like the HHS’ HPH Cyber Performance Goals—to protect patient safety and ensure operational continuity.”
ID 345079968 | Ai © Anna Chaplygina | Dreamstime.com
