SECURITY
SECURITY
SECURITY
45M medical images found exposed online on unsecured servers
Cybersecurity researchers have discovered more than 45 million medical images exposed online that include personally identifiable information.
Detailed today by researchers at CybelAngel, the images were found as part of a six-month investigation of data storage systems used by healthcare organizations including scanning 4.3 billion IP addresses for insecure services. The investigation specifically targeted network-attached storage and Digital Imaging and Communications in Medicine, the latter a de facto standard used by healthcare professionals to send and receive medical data.
The more than 45 million medical images were found on 2,140 unprotected servers across 67 countries including the U.S., the U.K. and Germany. The images typically included 200 lines of metadata per record, and involved personally identifiable information such as name, address and birthdate along with protected health information such as height, weight and diagnosis — all exposed online without the need for a username or password.
“The fact that we did not use any hacking tools throughout our research highlights the ease with which we were able to discover and access these files,” said David Sygula, senior cybersecurity analyst at CybelAngel and an author of the report. “This is a concerning discovery and proves that more stringent security processes must be put in place to protect how sensitive medical data is shared and stored by healthcare professionals. A balance between security and accessibility is imperative to prevent leaks from becoming a major data breach.”
Trevor Morgan, product manager with data security specialists comforte AG, told SiliconANGLE that the leak points up a key issue: Sensitive information doesn’t just encompass financial data but also other, more personal types of personally identifiable information.
“Some of the most sensitive data people and enterprises own is information about their medical health and well-being,” Morgan said. “This PHI is clearly addressed in many privacy regulations, so organizations that handle, process and store this data need to find the most effective ways to prevent leaks from compromising the subjects of this sensitive information.”
Josh Bohls, chief executive officer of secure content capture firm Inkscreen LLC, noted that the leak also shows how “toothless” the U.S. health regulations are and how lax healthcare providers have become when storing patient data. “This should serve as a wakeup call for providers to take a fresh look at how they process, maintain and safeguard patient-identifiable photos,” he said.
Photo: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
