Cyber threats targeting healthcare IoT and operational technology are rising sharply, with hospitals and clinics increasingly in the crosshairs of attackers, according to new research from Forescout’s Vedere Labs.
The report found that in 2025, healthcare emerged as the fourth most affected sector for ICS vulnerabilities, up from eighth in previous years, driven by an increasing adoption of telehealth, remote work, and the use of health related IoT devices which has expanded attack surfaces significantly.
Hospitals and clinics faced a growing number of incidents affecting connected medical and IoT devices, including imaging systems, hospital workstations, and building automation equipment.
“Healthcare delivery organisations are complex and increasingly connected,” said Daniel dos Santos, Head of Research at Forescout. “Organisations are complex, combining cutting-edge hardware and software with legacy devices built to last decades.”
Emerging threats in healthcare IoT security include AI-enabled attacks and the expansion of remote care.
“Connected patient devices in homes and consumer devices integrated into hospital networks increase attack surfaces,” dos Santos said. “Hacktivist activity could also grow, particularly in geopolitical conflicts, potentially targeting medical systems directly.”
The report also found that the confidential and sensitive nature of the data involved made healthcare an attractive target for criminals.
“Hospitals and clinics store extremely sensitive data, from patient records to financial information. This makes them valuable targets for ransomware gangs,” dos Santos said.
Furthermore, the report found that resource constraints mean many healthcare organisations underinvest in cybersecurity, lacking adequate tools, staff, or proactive risk management.
The most at-risk healthcare devices include imaging systems such as CT and PET scanners, hospital workstations interfacing with sensitive medical data, and building automation systems including IP cameras and access control devices.
“These devices often run legacy operating systems, require extensive network connectivity, and are frequently misconfigured,” said dos Santos. “That makes them highly attractive targets for attackers.”
Overall, Forescout found that US cybersecurity authorities recorded 508 industrial control system (ICS) advisories covering 2,155 vulnerabilities, with an average Common Vulnerability Scoring System (CVSS) score of 8.07. Eighty-two percent of these advisories were rated high or critical severity, reflecting a trend toward more dangerous cyber risks.
Manufacturing, energy, and transportation remain the most affected sectors, reflecting both the criticality of operations and their broad attack surfaces.
