Report by Claroty
State of CPS Security: Healthcare Exposures 2025
Key Findings
9% of Internet of Medical Things (IoMT) devices contain confirmed known exploitable vulnerabilities (KEVs) in their systems, impacting 99% of organisations.
89% of healthcare organisations have on their networks the top 1% of riskiest IoMT devices, which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns and have an insecure connection to the internet.
1% of IoMT devices carry KEVs linked to active ransomware campaigns and insecure internet connectivity, impacting 89% of organisations.
8% of imaging systems (X-rays, CT scans, MRI, ultrasound, and more) have KEVs linked to ransomware and insecure internet connectivity, making this the riskiest medical device category and impacting 85% of organisations.
20% of hospital information systems (HIS), which manage clinical patient data as well as administrative and financial information, have KEVs linked to ransomware and insecure internet connectivity, impacting 58% of organisations.