UPDATED 20:43 EDT / JANUARY 12 2020

SECURITY

Medical practitioners expose 1B+ records via unsecured databases

More than 1 billion medical images are believed to be exposed online as medical practitioners continue to upload them to unsecured databases.

Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report from the company in September that detailed 24 million medical records on 590 online medical image archive systems.

The data, which includes X-rays, MRIs and CT scans are open to all and sundry online without password protection. The common connection remains servers running the Picture Archiving and Communication System, a 1980s-era protocol that was designed to digitize medical images but was not designed for the internet age.

Despite the reports in September and attempts to contact companies exposing customer data, nothing would appear to have changed. “It seems to get worse every day,” Dirk Schrader from Greenbone Networks told TechCrunch Friday.

Although the threat of someone obtaining another person’s x-ray, for example, may not seem serious, the scans usually include patient information as well, which is valuable to bad actors. There’s also a potential that the exposed data could be used for medical insurance fraud.

“Leaving a database publicly accessible filled with confidential files, images, and personally identifiable information is inexcusable in today’s advanced threat landscape,” Anurag Kahol, chief technology officer of cloud access security broker Bitglass Inc., told SiliconANGLE. “Companies handling medical records are heavily targeted by cybercriminals, therefore, they must take every precaution necessary to protect patient data.”

Kahol said hundreds of hospitals, medical offices and imaging centers have contributed to the exposure, so they’ll likely face penalties for violating HIPAA compliance regulations and could receive hefty fines.

“Healthcare organizations must take the proper cloud security steps in 2020, including leveraging single sign-on, data loss prevention, along with visibility and control over sharing permissions, in order to secure their databases, maintain compliance with regulations and protect the sensitive data that they have been entrusted with,” Kahol added.

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU