SECURITY
SECURITY
SECURITY
Medical practitioners expose 1B+ records via unsecured databases
More than 1 billion medical images are believed to be exposed online as medical practitioners continue to upload them to unsecured databases.
Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report from the company in September that detailed 24 million medical records on 590 online medical image archive systems.
The data, which includes X-rays, MRIs and CT scans are open to all and sundry online without password protection. The common connection remains servers running the Picture Archiving and Communication System, a 1980s-era protocol that was designed to digitize medical images but was not designed for the internet age.
Despite the reports in September and attempts to contact companies exposing customer data, nothing would appear to have changed. “It seems to get worse every day,” Dirk Schrader from Greenbone Networks told TechCrunch Friday.
Although the threat of someone obtaining another person’s x-ray, for example, may not seem serious, the scans usually include patient information as well, which is valuable to bad actors. There’s also a potential that the exposed data could be used for medical insurance fraud.
“Leaving a database publicly accessible filled with confidential files, images, and personally identifiable information is inexcusable in today’s advanced threat landscape,” Anurag Kahol, chief technology officer of cloud access security broker Bitglass Inc., told SiliconANGLE. “Companies handling medical records are heavily targeted by cybercriminals, therefore, they must take every precaution necessary to protect patient data.”
Kahol said hundreds of hospitals, medical offices and imaging centers have contributed to the exposure, so they’ll likely face penalties for violating HIPAA compliance regulations and could receive hefty fines.
“Healthcare organizations must take the proper cloud security steps in 2020, including leveraging single sign-on, data loss prevention, along with visibility and control over sharing permissions, in order to secure their databases, maintain compliance with regulations and protect the sensitive data that they have been entrusted with,” Kahol added.
Photo: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
