Medical devices have become one of healthcare’s most significant cybersecurity vulnerabilities. As hospitals connect more equipment to their networks, from infusion pumps to imaging systems, they’re creating an expanded attack surface that cybercriminals actively exploit. This report breaks down the critical statistics healthcare security professionals need to understand the scope of medical device vulnerabilities and their impact.
Key Takeaways
99% of hospitals manage at least one IoMT device with a known exploited vulnerability
The average healthcare breach cost reached $10.22 million in the U.S., up 9.2% from 2024
Medical devices average 6.2 vulnerabilities per device, far exceeding typical enterprise hardware
60% of medical devices are end-of-life with no available security patches
77% of healthcare organizations were targeted by ransomware in 2024
Understanding IoMT Vulnerability Statistics
The Internet of Medical Things (IoMT) encompasses all connected medical devices and health IT systems, from wearable monitors and infusion pumps to MRI scanners and hospital workstations. Each device represents a potential entry point for attackers.
Medical Device Vulnerabilities by Type
| Device Category | Devices with KEVs | Organizations Affected | *KEVs Linked to Ransomware |
|---|---|---|---|
| Imaging Systems (MRI, CT, X-ray) | 28% | 99% | 8% |
| Hospital Information Systems | 20% | 60% | 20% |
| Infusion Pumps | 75% | N/A | 50%+ |
| Patient Monitors & Controllers | 86% | 70%+ | 20% |
| DICOM/PACS Workstations | 32% | N/A | 32% |
*KEV = Known Exploited Vulnerability
Key Insights:
A research study analyzing more than 2.25 million IoMT devices across 351 healthcare organizations found that imaging systems pose the highest risk.
These critical diagnostic tools inform treatment plans, and compromised systems can devastate triage efforts and force patient re-routing.
Root Causes of Medical Device Vulnerabilities
| Vulnerability Factor | Percentage | Impact |
|---|---|---|
| End-of-life devices without patches | 60% | No security updates available |
| Devices with weak/default credentials | 21% | Easy unauthorized access |
| Devices running an unsupported OS | 14 to 20% | Legacy Windows XP/Vista systems |
| Devices lacking endpoint protection | 87% | Cannot run antivirus or security agents |
| Average vulnerabilities per device | 6.2 | Far above enterprise hardware averages |
| Devices with internet exposure | 93% | Insecure connections to the web |
Key Insights:
The FBI reported that 53% of networked medical devices have at least one known critical vulnerability.
Unlike enterprise IT, many medical devices were designed for functionality rather than security, often running on legacy systems that manufacturers no longer support with updates.
Healthcare Breach Impact and Costs
The consequences of medical device vulnerabilities extend beyond IT disruptions, directly impacting patient safety and organizational finances.
Financial Impact of Healthcare Breaches
| Metric | 2024–2025 Data | Year-over-Year Change / Context |
|---|---|---|
| Average U.S. Healthcare Breach Cost | $10.22 million | +9.2% |
| Global Average Healthcare Breach Cost | $9.8 million | Highest of all industries (15th consecutive year) |
| Downtime Cost per Minute | $7,500–$9,000 | N/A |
| Average Downtime per Attack | 17+ days | N/A |
| Average Recovery Time | 100+ days | 75% of organizations report this duration |
| Detection and Escalation Costs | $1.47 million | Per incident |
Key Insights:
Healthcare marked its fifteenth consecutive year as the most expensive industry for data breaches.
A single incident can devastate hospitals operating on razor-thin 1-5% profit margins.
Breach Frequency and Patient Impact
| Breach Statistic | 2024–2025 Data |
|---|---|
| Healthcare Organizations Hit by Ransomware | 67 to 77% |
| Organizations That Paid Ransom | 53% |
| Patient Records Exposed in 2024 | 305+ million |
| Largest Single Breach (Change Healthcare) | 190 million records |
| Ransom Paid (Change Healthcare) | $22 million |
| Detection and Reporting Time | 205 days average |
| Publicly Accessible Medical Devices Online | 1.2 million globally |
| Emergency Department Closures per Breach | 19 days average |
| Increase in Mortality Rates at Breached Hospitals | 29% |
Key Insights:
Research confirmed that hospitals affected by cyberattacks saw a 29% increase in inpatient mortality, while neighboring hospitals experienced an 81% surge in cardiac arrests due to emergency diversions.
Attack Vectors and Threat Landscape
From inbox to imaging network, attackers are exploiting systemic weaknesses across the healthcare ecosystem.
Email Remains Dominant Attack Vector
In 2025, Trellix recorded 54.7 million detections across healthcare customer organizations, with 85% originating through email. The United States represented 75% of all healthcare-related detections, underscoring how heavily the U.S. healthcare infrastructure is targeted.
IoMT Device Risk Factors
| Risk Category | Finding |
|---|---|
| Known Exploited Vulnerabilities (KEVs) | 99% of hospitals have at least one device with KEVs |
| KEVs Linked to Ransomware + Internet Exposure | 89% of organizations affected (top 1% riskiest devices) |
| Supply Chain Vulnerabilities | 76% of medical devices affected |
| DICOM Imaging Exposure Growth | 246% increase since 2017 |
| Devices with Exploitable Vulnerabilities | 993 vulnerabilities identified in 2024 |
| New Vulnerabilities Discovered Annually | 162+ in connected medical devices |
Operational Technology (OT) Vulnerabilities
Medical devices aren’t the only concern. Building automation systems (HVAC, elevators, refrigerators, backup power) create additional entry points. Analysis of 647,000 OT devices found that 78% of organizations have OT with KEVs, and 65% have devices with confirmed KEVs that are insecurely connected to the internet.
Attackers commonly exploit unpatched HVAC or electrical controllers to gain an initial foothold, then move laterally into medical imaging networks, effectively crippling radiology departments and forcing ambulance diversions.
How ORDR Secures Medical Devices Without Disrupting Care
Traditional security approaches weren’t built for medical devices.
They rely on agents, scanning, or downtime, none of which are viable in clinical environments.
ORDR is designed specifically for healthcare, delivering visibility and safe enforcement without disrupting patient care.
| Capability | Description |
|---|---|
| Complete Visibility | Uses passive network traffic analysis and behavioral AI trained on real-world device data to identify and profile connected medical, IT, IoT, OT, and IoMT devices, without agents or disruptive scanning. Provides real-time inventory, including device type, manufacturer, OS, clinical function, and software attributes. |
| Continuous Risk Management | Correlates CVEs, manufacturer advisories, clinical context, and network exposure, without requiring active scanning. Enables prioritized, risk-based remediation aligned to patient safety and operational impact. |
| Behavioral Threat Detection | Monitors device behavior continuously to identify anomalies, unauthorized communication, and indicators of compromise. Provides early detection for devices that cannot support traditional endpoint protection. |
| Safe Network Segmentation | Generates AI-driven segmentation policies based on real device behavior, validates them before enforcement, and integrates with existing infrastructure. Enables organizations to move toward segmentation in a controlled, phased manner, without disrupting critical systems. |
Why Healthcare Organizations Choose ORDR
ORDR enables hospitals to move from visibility to safe, continuous risk reduction, without interrupting patient care or clinical workflows.