Censys finds over 14,000 healthcare devices and records exposed to the Internet
Censys, the leading Internet Intelligence Platform for Threat Hunting and Attack Surface Management, published its findings on the 2024 Global State of Internet | Healthcare Assets Exposed on Public-Facing Networks. Censys identified over 14,000 distinct IP addresses exposing healthcare data and devices to the internet – with nearly 50% of hosts located in the United States. Considering healthcare and public health organisations are the top critical infrastructure sectors targeted by ransomware attacks, Censys identified exposures across some of the largest urban healthcare systems to smaller, rural environments.
Regardless of institutional size, this rise in ransomware incidents demonstrates the importance of protecting patient data from malicious threat actors – such as medical history, social security information, insurance information and more.
Censys’ comprehensive internet visibility and scanning capabilities enabled the research team to identify significant devices and record exposures across the globe, including:
Medical Images: Digital Imaging and Communications in Medicine (DICOM)-enabled servers are the most commonly exposed healthcare technology. 36% percent of all Censys identified exposures are DICOM services. These are used for handling potentially sensitive medical images – such as X-rays, ultrasounds, computed technology (CT) scans, magnetic resonance imaging (MRIs), etc.
Healthcare & Public Health Vendors: While many software vendors were represented across healthcare assets, one vendor accounted for over 90% of the 4,000 publicly available electronic medical record systems Censys observed. About 11% of the applications identified across all asset categories were open-source software.
Countries & Regions: Due to population and widespread adoption of healthcare technology, the U.S. leads with the most publicly available applications, with nearly 7,000 currently online across different networks. Censys detected only 200 publicly available applications in the United Kingdom—possibly an indication of a more centralised healthcare infrastructure.
“In this age of increasing ransomware attacks, internet-connected healthcare applications should be safeguarded from the public internet – it’s clear that patient data continues to be a valuable target for malicious actors,” said Himaja Motheram, security researcher at Censys. “Our mission at Censys is to provide visibility into the potential security gaps that tend to go overlooked – these types of devices and systems are often developed without security in mind.”
To prevent data breaches and attacks, effective attack surface management is crucial for hospitals and organisations that handle medical data – but many lack the resources to analyse their exposed assets in an actionable way. Censys’ analysis is the first in-depth overview of its kind, providing a global view of the exposure of Internet of Healthcare Things (IoHT) on public-facing networks, through detailed breakdowns by device type, vendor, country and more.
By leveraging Censys’s monitoring capabilities, healthcare organisations can proactively identify and mitigate exposures and vulnerabilities before they lead to data breaches or ransomware attacks. For more information, the full research report can be found here: https://censys.com/state-of-internet-of-healthcare-things.
Censys’s mission is to make the internet a more secure place for everyone. This drives our commitment to responsible disclosure when identifying exposed systems – particularly those in the critical infrastructure sector. As part of this research, Censys made every effort to attribute each device or web asset to the appropriate organisation(s) to notify the relevant stakeholders.