UPDATED 20:43 EST / JANUARY 12 2020

xray SECURITY

Medical practitioners expose 1B+ records via unsecured databases

More than 1 billion medical images are believed to be exposed online as medical practitioners continue to upload them to unsecured databases.

Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report from the company in September that detailed 24 million medical records on 590 online medical image archive systems.

The data, which includes X-rays, MRIs and CT scans are open to all and sundry online without password protection. The common connection remains servers running the Picture Archiving and Communication System, a 1980s-era protocol that was designed to digitize medical images but was not designed for the internet age.

Despite the reports in September and attempts to contact companies exposing customer data, nothing would appear to have changed. “It seems to get worse every day,” Dirk Schrader from Greenbone Networks told TechCrunch Friday.

Although the threat of someone obtaining another person’s x-ray, for example, may not seem serious, the scans usually include patient information as well, which is valuable to bad actors. There’s also a potential that the exposed data could be used for medical insurance fraud.

“Leaving a database publicly accessible filled with confidential files, images, and personally identifiable information is inexcusable in today’s advanced threat landscape,” Anurag Kahol, chief technology officer of cloud access security broker Bitglass Inc., told SiliconANGLE. “Companies handling medical records are heavily targeted by cybercriminals, therefore, they must take every precaution necessary to protect patient data.”

Kahol said hundreds of hospitals, medical offices and imaging centers have contributed to the exposure, so they’ll likely face penalties for violating HIPAA compliance regulations and could receive hefty fines.

“Healthcare organizations must take the proper cloud security steps in 2020, including leveraging single sign-on, data loss prevention, along with visibility and control over sharing permissions, in order to secure their databases, maintain compliance with regulations and protect the sensitive data that they have been entrusted with,” Kahol added.

Photo: Pixabay

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.