South Africa has the second-highest number of exposed internet-connected healthcare devices worldwide, with over 172,000 systems accessible online, according to new research by European cybersecurity company Modat.
The study found more than 1.2 million vulnerable healthcare devices globally, including MRI scanners, X-ray machines, and diagnostic systems, leaking sensitive patient data such as medical images, blood test results, and personally identifiable information (PII). Researchers warned these exposures could lead to fraud, identity theft, or blackmail.
Using its Modat Magnify tool, the company found that only the United States, with 174,000+ exposed devices, ranked higher than South Africa. Other countries in the top 10 include Australia (111,000+), Brazil, Germany, Ireland, Great Britain, France, Sweden, and Japan.
Some devices lacked authentication entirely, while others relied on weak or default passwords like “admin” or “123456.” Many were outdated systems no longer supported by manufacturers, making them vulnerable to exploitation.
By refining searches to MRI scanners with unintended access points, researchers uncovered brain scans complete with patient names and scan dates. Other findings included dental X-rays, eye exams, and detailed lung MRIs used for cancer diagnosis.
“This represents a significant and pervasive challenge with global implications,” said Soufian El Yadmani, Founder and CEO of Modat. “The scale and accessibility of these vulnerabilities suggest that malicious actors likely possess the same capabilities, creating considerable risk for the healthcare sector.”
Security experts stress that cybersecurity in healthcare is directly linked to patient safety. Errol Weiss, Chief Security Officer at Health-ISAC, said the findings reinforce the urgent need for “comprehensive asset visibility, robust vulnerability management, and a proactive approach to securing every internet-connected device in healthcare environments.”
According to Modat, the main reasons for these exposures include:
- Misconfigurations that unintentionally place devices online.
- Default or weak passwords often left unchanged.
- Unpatched software or firmware, with some devices past their end-of-life.
The report warns that exposed medical systems not only jeopardise privacy but could also serve as entry points for ransomware attacks.
El Yadmani advised healthcare facilities to limit unnecessary network exposure, apply security patches, replace default credentials, and perform regular security reviews. “With the increase in remote operations, the question we should be asking is: why are there MRI scanners with internet connectivity that lack proper security measures?” he said.

