Black Book survey finds hospitals worldwide struggling with legacy systems, weak safeguards and systemic lapses in biomedical protection

LONDON, UK / ACCESS Newswire / September 11, 2025 / A new Black Book Research flash survey of hospital technology leaders warns that over a million internet-connected medical devices worldwide from MRI scanners to blood analyzers are misconfigured, weakly protected, or directly exposed online, quietly leaking patient information and creating fertile ground for cybercriminal exploitation.

The survey, conducted between July and September 2025, collected insights from 312 hospital CIOs, CISOs, radiology directors, and biomedical engineers across eight countries (U.S., U.K., Germany, Australia, South Africa, Brazil, India, and Singapore). Respondents highlighted systemic weaknesses in biomedical IT governance that compromise patient privacy, regulatory compliance, and healthcare resilience.

Key Findings

Global Scale, Uneven Protections:
Survey data suggests over 1.4 million medical devices are at risk worldwide, with the U.S. accounting for an estimated two hundred thousand devices, followed by South Africa, Australia, Brazil, and Germany.

Default Credentials Remain Common:
33% of surveyed hospitals admitted at least some connected devices still run on factory-set usernames or passwords, a figure that climbs to nearly 75% in facilities under 250 beds.

Legacy Technology Dependency:
48% of respondents acknowledged continued reliance on unsupported operating systems (e.g., Windows 7/XP), with patching cycles averaging 18 months.

Direct Internet Exposure:
30% of hospitals reported at least one imaging workstation or PACS node accessible online without VPN or zero-trust safeguards.

Silent Incidents:
14% of hospitals reported unexplained or anomalous biomedical network traffic in the past year, with two facilities disclosing confirmed data exfiltration of DICOM imaging files.

Analog Backstops Still Common:
Nearly 87% of hospitals reported reverting to fax or paper requisitions for imaging orders during cyber incidents.

"Biomedical IT misconfigurations are systemic," said Doug Brown, founder of Black Book Research. "Unlike ransomware that shuts down an ER, these exposures are more insidious: patient scans and identifiers sitting online in plain view. This hidden crisis undermines both patient trust and healthcare resilience."

Strategic 2026 Implications

For vendors: Hospitals are demanding "secure by default" design, eliminating factory credentials, supporting certificate rotation, and ensuring long-term OS support.

For hospitals: Governance boards must treat biomedical IT as critical infrastructure, not peripheral equipment.

For policymakers: Regulatory tightening is inevitable; frameworks like HIPAA/HITRUST in the U.S. and EHDS in Europe will push enforceable baselines.

About Black Book

Since 2011, Black Book™ has been healthcare's independent benchmark source, surveying millions of technology users worldwide to measure vendor performance across 18 key indicators. In addition to recognizing top performers, Black Book research uncovers hidden risks and blind spots that threaten care delivery, patient safety, and organizational trust. With a global focus on healthcare technology, services, and capital equipment - including cybersecurity and patient privacy governance, Black Book provides insights for providers, payers, vendors, and policymakers to strengthen healthcare through smarter, safer technology.

Each year, Black Book publishes The State of Healthcare Cybersecurity, an extensive industry research report available free at https://blackbookmarketresearch.com/the-2025-black-book-of-healthcare-cybersecurity and more information at www.blackbookmarketresearch.com.

Contact Information:

Press Office
research@blackbookmarketresearch.com
8008637590

SOURCE: Black Book Research