UPDATED 21:59 EDT / DECEMBER 15 2020

45M medical images found exposed online on unsecured servers

Cybersecurity researchers have discovered more than 45 million medical images exposed online that include personally identifiable information.

Detailed today by researchers at CybelAngel, the images were found during a six-month investigation of data storage systems used by healthcare organizations, which included scanning 4.3 billion IP addresses for insecure services. The investigation specifically targeted network-attached storage and Digital Imaging and Communications in Medicine (DICOM), the latter a de facto standard used by healthcare professionals to send and receive medical data.

The more than 45 million medical images were found on 2,140 unprotected servers across 67 countries including the U.S., the U.K. and Germany. The images typically included 200 lines of metadata per record, and involved personally identifiable information such as name, address and birthdate along with protected health information such as height, weight and diagnosis — all exposed online without the need for a username or password.

“The fact that we did not use any hacking tools throughout our research highlights the ease with which we were able to discover and access these files,” said David Sygula, senior cybersecurity analyst at CybelAngel and an author of the report. “This is a concerning discovery and proves that more stringent security processes must be put in place to protect how sensitive medical data is shared and stored by healthcare professionals. A balance between security and accessibility is imperative to prevent leaks from becoming a major data breach.”

Trevor Morgan, product manager with data security specialists comforte AG, told SiliconANGLE that the leak points up a key issue: Sensitive information doesn’t just encompass financial data but also other, more personal types of personally identifiable information.

“Some of the most sensitive data people and enterprises own is information about their medical health and well-being,” Morgan said. “This PHI is clearly addressed in many privacy regulations, so organizations that handle, process and store this data need to find the most effective ways to prevent leaks from compromising the subjects of this sensitive information.”

Josh Bohls, chief executive officer of secure content capture firm Inkscreen LLC, noted that the leak also shows how “toothless” the U.S. health regulations are and how lax healthcare providers have become when storing patient data. “This should serve as a wakeup call for providers to take a fresh look at how they process, maintain and safeguard patient-identifiable photos,” he said.
