Healthcare imaging systems remain an attractive target for attackers, yet many organizations still have limited visibility into how exposed these environments are and how they are being probed in practice. This talk presents findings from Internet-scale measurements of medical imaging services together with observations from unique cyber-deception systems designed to capture attacker behavior. We show how weak authentication, lack of encryption, outdated software, and insecure defaults continue to create risk for patient data and clinical operations. Lastly, we show what real-world attacker behavior can teach defenders about exposure, visibility gaps, and risk in healthcare imaging environments.