2 days ago
500+ Healthcare Devices in Morocco Found Exposed Online with Patient Data
Rabat – More than 500 healthcare systems and devices in Morocco are exposed online, putting patient data at serious risk, according to research by cybersecurity firm Modat.
The findings, shared with Morocco World News, reveal a worrying trend affecting both private and public healthcare providers in the country.
Modat's research identified over 1.2 million healthcare devices and systems connected to the internet worldwide. These include MRI and CT scanners, X-ray machines, blood test systems, and hospital management software.
Many of these devices store sensitive information, such as patients' names, dates of birth, and medical images, including brain scans, dental X-rays, eye exams, and MRIs used for cancer care.
About 500 healthcare devices in Morocco, in both the private and public sector, were found to be exposed online. According to Modat, this creates opportunities for cybercriminals to steal sensitive patient data or misuse it for fraud.
'Many of them are exposing the patient data of Moroccan citizens leaving them vulnerable to unwanted sharing of information or even fraud,' Modat told MWN.
The risks come from weak or default passwords, misconfigured network settings, and outdated software. Some systems lacked basic authentication, while others were still running on legacy software no longer supported by manufacturers. This makes them vulnerable to ransomware attacks and other cyber threats.
Soufian El Yadmani, CEO of Modat, said that 'the primary risk is unnecessary network exposure.'
'These medical systems should only be connected to secure, properly configured networks when there is a legitimate clinical need for remote access,' El Yadmani added.
Read also: Moroccan Authorities Warn of Unauthorised Use of Personal Data Following CNSS Leak
He noted that although remote MRI operations are increasingly used to tackle staffing shortages and provide specialized expertise, many devices are still connected to the internet without sufficient cybersecurity protections.
El Yadmani questioned why MRI scanners are allowed online without proper security measures, stressing the urgent need for stronger safeguards.
Globally, the research showed that Europe, the United States, and the MENA region were among the most affected areas. Millions of patient records are at risk, containing sensitive Personal Health Information (PHI) and Personally Identifiable Information (PII).
The highest numbers reported in the US, where over 174,000 devices were found online. South Africa follows closely with more than 172,000 exposed systems, while Australia has over 111,000.
Brazil, Germany, and Ireland each reported more than 81,000 devices, with Great Britain at 77,000 and France at 75,000. Sweden accounts for 74,000, and Japan has over 48,000 exposed healthcare devices.
Cybersecurity experts warn that these exposures could lead to privacy breaches, financial fraud, or even blackmail over confidential medical conditions.
Modat has engaged with international partners such as Health-ISAC and Z-CERT in the Netherlands to ensure responsible disclosure and to help affected healthcare organizations address these vulnerabilities.
Experts recommend that healthcare providers conduct regular security assessments, maintain updated inventories of internet-connected devices, and monitor their networks closely to prevent unauthorized access and protect patient privacy.
